Virus or what could it be???
Forum thread, 1736 posts. On this page the posts appear newest first.
Posted by stell (rank: a fórum lelke)
Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why it looks like this,
Re: Virus or what could it be???
When you click the NETWORK icon, if there is a DHCP IP it sets it automatically; if there is no dynamic IP, then you have to type in the IP-


Posted: Wed Sep 07, 2011 10:12
Posted by ezüst tag (silver member)
Joined: Mon Sep 05, 2011 21:22
Posts: 51
Re: Virus or what could it be???
I went through the whole menu system, but I only found something called mini windows, and that is 98 and not graphical.
In the windows xp pe menu item a mini xp starts, and opera too, but I can't connect to the net with it.
I tried the restore thing there too, but after enter nothing happens.


Posted: Wed Sep 07, 2011 10:02
Posted by stell (a fórum lelke)
Re: Virus or what could it be???
OK then,
let's go.
In the menu select Hiren's bootcd.
Run >> in the menu select Minixp.
Wait until it boots to the desktop; this desktop is Hiren's desktop. There double-click the Network >>> icon >> then Diskety >> then Boot WinTools >>
Browsers >>>> Opera >>> and once you are there, write.


Posted: Wed Sep 07, 2011 9:37
Posted by ezüst tag (silver member)
Re: Virus or what could it be???
It says the program cannot be run in DOS mode.


Posted: Wed Sep 07, 2011 9:27
Posted by stell (a fórum lelke)
Re: Virus or what could it be???
OK, then first let's check whether a restore point is left. If one is left, restore to a later point; of course that way we roll back the infections too. If there is no restore point left, then write.

So type this command into the command prompt:

%Systemroot%/system32/restore/rstrui.exe
Enter,
if there is one, choose a bold date; if there isn't, then any one,


Posted: Wed Sep 07, 2011 9:12
Posted by ezüst tag (silver member)
Re: Virus or what could it be???
Yes, this main menu appears. I can get into the command prompt.


Posted: Wed Sep 07, 2011 9:08
Posted by stell (a fórum lelke)
Re: Virus or what could it be???
http://wxpee.hu/simplicity/

So this is what you have??
And can you get into the command prompt??


Posted: Wed Sep 07, 2011 9:04
Posted by ezüst tag (silver member)
Re: Virus or what could it be???
Unfortunately I don't have a plain Windows but Simplicity Extended Edition. I can't find an option called repair.
What other option is there?
If I installed another Windows onto another drive, could I replace the files from that?


Posted: Wed Sep 07, 2011 8:58
Posted by stell (a fórum lelke)
Re: Virus or what could it be???
No, everything stays; the repair install only overwrites the system files. Read carefully what is in my blog, it is described there, and don't get confused; rather read it several times.
http://www.virus-stell.com/2010/04/javi ... -2000.html


Posted: Wed Sep 07, 2011 8:47
Posted by ezüst tag (silver member)
Re: Virus or what could it be???
Will my e-mails and my other settings be deleted by this?
The e-mails are in Outlook Express.
I turned System Restore back on; could that have caused the problem?


Posted: Wed Sep 07, 2011 8:40
Posted by stell (a fórum lelke)
Re: Virus or what could it be???
Do this

stell wrote:
Well, this is going to be a nasty infection. Do you have an install disc??
If you do, then do a repair install, because you deleted some system file.
http://www.virus-stell.com/2010/04/javi ... -2000.html
When it's done, write.


Posted: Wed Sep 07, 2011 8:36
Posted by ezüst tag (silver member)
Re: Virus or what could it be???
Yes, I do.


Posted: Wed Sep 07, 2011 8:34
Posted by stell (a fórum lelke)
Re: Virus or what could it be???
Well, this is going to be a nasty infection. Do you have an install disc??
If you do, then do a repair install, because you deleted some system file.
http://www.virus-stell.com/2010/04/javi ... -2000.html
When it's done, write.


This post was edited 1 time, last by stell on Wed Sep 07, 2011 8:35.



Posted: Wed Sep 07, 2011 8:19
Posted by ezüst tag (silver member)
Re: Virus or what could it be???
Unfortunately, in the meantime the mouse and the keyboard stopped working on my machine, so now I can't do anything on it. I'm writing from another machine now. Before Windows both of them work, but in Windows neither does. I think it isn't loading the drivers. How can this be fixed?


Posted: Wed Sep 07, 2011 8:15
Posted by stell (a fórum lelke)
Re: Virus or what could it be???
OK, try the scan once more with AVPTOOL in safe mode, without network; if it doesn't work there either, write. If it asks for a restart, put it into safe mode again.


Posted: Wed Sep 07, 2011 8:01
Posted by ezüst tag (silver member)
Re: Virus or what could it be???
I removed the programs you asked for.
I didn't get far with the AVPTOOL program.
First it said it had found a virus and could only remove it after a restart, but after the restart it did nothing. Then the 2nd time I started the program it quit already at 1%.
Before the restart I could only save these two log files.

Status: Detected (events: 1)
2011.09.06. 21:40:05 Detected Trojan program Backdoor.Win32.ZAccess.ob c:\WINDOWS\1740172446:1628653464.exe High

Status: Will be deleted when the computer is restarted (events: 1)
2011.09.06. 21:41:59 Will be deleted when the computer is restarted Trojan program Backdoor.Win32.ZAccess.ob c:\WINDOWS\1740172446:1628653464.exe High
Status: Disinfected (events: 1)
2011.09.06. 21:42:13 Disinfected Trojan program Rootkit.Win32.ZAccess.e c:\WINDOWS\system32\drivers\serial.sys High


Posted: Tue Sep 06, 2011 21:13
Posted by stell (a fórum lelke)
Re: Virus or what could it be???
THAT is not a program, it's a virus, and a very dangerous one, because it infected the system files. Now do exactly what I write, because this is a file-infector virus, so there can be a whole lot of infections.

1: Remove these programs from the machine via the Control Panel:
Quote:
c:\program files\Spyware Doctor
c:\program files\Spyware Terminator
c:\program files\Lavasoft\Ad-Aware\
c:\program files\AVG9


For AVG9 also use the uninstall helper program
http://www.virus-stell.com/2010/04/anti ... ramok.html

2: Turn off System Restore and scan the machine with the AVPTOOL program; set it up the way it is described; at the end make a log and put it here.
Download version 11
http://www.virus-stell.com/2010/04/avptool.html
At the end make the log like this:
click the notepad icon at the top right, then on the left in the middle on the full Detected threats >, then in the middle >> SAVE >> give it a name and put it on the desktop, then here into the forum, and then I'll see what's going on.


Posted: Tue Sep 06, 2011 14:24
Posted by ezüst tag (silver member)
Re: Virus or what could it be???
Hi!

I restarted the machine in safe mode and did everything the way you described.

RogueKiller ran; I'll paste the logs below.
The virus didn't let me use the Malwarebytes program.
First the scan started, but then it suddenly quit. After that I couldn't access it anymore.
The swmbr also quit.
Combofix ran; I'll paste the log.
I have already noticed that the program named 1740172446:1628653464.exe disappeared from the list of running processes.
What program could that have been?
Thanks again for your efforts!

RogueKiller V5.3.4 [08/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version
Started in : Safe mode with network support
User: Rendszergazda [Admin rights]
Mode: Remove -- Date : 09/06/2011 13:47:25

Bad processes: 2
[SUSP PATH] 1740172446:1628653464.exe -- c:\windows\1740172446:1628653464.exe -> KILLED [TermProc]
[RESIDUE] 1740172446:1628653464.exe -- c:\windows\1740172446:1628653464.exe -> KILLED [TermProc]

Registry Entries: 4
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V5.3.4 [08/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version
Started in : Safe mode with network support
User: Rendszergazda [Admin rights]
Mode: HOSTSFix -- Date : 09/06/2011 13:48:56

Bad processes: 1
[SUSP PATH] 1740172446:1628653464.exe -- c:\windows\1740172446:1628653464.exe -> KILLED [TermProc]

HOSTS File:
127.0.0.1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V5.3.4 [08/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version
Started in : Safe mode with network support
User: Rendszergazda [Admin rights]
Mode: ProxyFix -- Date : 09/06/2011 13:49:23

Bad processes: 1
[SUSP PATH] 1740172446:1628653464.exe -- c:\windows\1740172446:1628653464.exe -> KILLED [TermProc]

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



ComboFix 11-09-06.01 - Rendszergazda 011.09.06. 14:10:54.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.511.389 [GMT 2:00]
Running from: c:\documents and settings\Rendszergazda.DEMO-DE1F798F41\Asztal\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\demo\Application Data\PriceGong
c:\documents and settings\demo\Application Data\PriceGong\Data\1.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\a.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\b.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\c.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\d.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\e.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\f.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\g.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\h.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\i.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\j.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\k.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\l.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\m.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\n.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\o.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\p.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\q.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\r.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\s.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\t.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\u.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\v.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\w.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\x.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\y.xml
c:\documents and settings\demo\Application Data\PriceGong\Data\z.xml
c:\documents and settings\demo\Dokumentumok\2010.doc
c:\documents and settings\demo\WINDOWS
c:\documents and settings\Rendszergazda\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Rendszergazda\Local Settings\Application Data\ApplicationHistory\SLAD.tmp.d533f5f6.ini
c:\documents and settings\Rendszergazda\Local Settings\Application Data\ApplicationHistory\SLD.tmp.79e9943.ini
c:\documents and settings\Rendszergazda\WINDOWS
C:\DSC00254.JPG
c:\program files\2
c:\program files\2\Trend Micro\HiJackThis\HiJackThis.exe
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\metxveie.dll
.
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063131.exe
.
Infected copy of c:\program files\Avira\AntiVir Desktop\sched.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP210\A0063716.exe
.
Infected copy of c:\program files\Avira\AntiVir Desktop\avguard.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP210\A0063718.exe
.
Infected copy of c:\windows\system32\Ati2evxx.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063046.exe
.
Infected copy of c:\program files\AVG\AVG9\avgwdsvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063042.exe
.
Infected copy of c:\windows\system32\brsvc01a.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063044.EXE
.
Infected copy of c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063041.exe
.
Infected copy of c:\windows\system32\FsUsbExService.Exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063040.Exe
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063039.exe
.
Infected copy of c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063038.EXE
.
Infected copy of c:\program files\Spyware Doctor\pctsAuxs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063035.exe
.
Infected copy of c:\program files\PC Connectivity Solution\ServiceLayer.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063033.exe
.
Infected copy of c:\program files\Spyware Terminator\sp_rsser.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063034.exe
.
Infected copy of c:\windows\system32\FsUsbExService.Exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063040.Exe
Infected copy of c:\program files\PC Connectivity Solution\ServiceLayer.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063033.exe
Infected copy of c:\program files\Spyware Terminator\sp_rsser.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063034.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_9eecb867
.
.
((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
.
.
2011-09-06 11:52 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-06 11:52 . 2011-09-06 11:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-09-06 11:52 . 2011-09-06 11:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-06 11:52 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-06 11:47 . 2011-09-06 11:49 -------- d-----w- C:\stell
2011-09-05 20:31 . 2011-09-05 20:31 -------- d-----w- c:\documents and settings\demo\Application Data\Avira
2011-09-05 20:29 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-09-05 20:29 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-09-05 20:29 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-09-05 20:29 . 2011-09-05 20:29 -------- d-----w- c:\program files\Avira
2011-09-05 20:12 . 2011-09-05 20:12 388096 ----a-r- c:\documents and settings\demo\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-05 19:48 . 2011-09-05 19:48 -------- d-----w- c:\documents and settings\Rendszergazda.DEMO-DE1F798F41
2011-09-05 19:40 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-05 19:39 . 2011-09-05 19:39 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2011-09-05 19:39 . 2011-09-05 19:39 -------- d-----w- c:\program files\Lavasoft
2011-08-15 10:57 . 2008-04-13 08:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-08-15 10:57 . 2008-04-13 08:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2011-08-15 10:56 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-08-15 09:32 . 2011-08-15 11:01 -------- d-----w- c:\documents and settings\demo\Application Data\Nokia
2011-08-15 09:21 . 2011-08-15 09:21 -------- d-----w- c:\program files\Common Files\PCSuite
2011-08-15 09:21 . 2011-08-15 09:21 -------- d-----w- c:\program files\Common Files\Nokia
2011-08-15 09:21 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-08-15 09:20 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-08-15 09:20 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-08-15 09:20 . 2011-05-18 08:12 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-08-15 09:20 . 2011-05-18 08:13 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-08-15 09:20 . 2011-05-18 08:13 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-08-15 09:20 . 2011-05-18 08:12 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-08-15 09:20 . 2011-05-18 08:09 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-08-15 09:20 . 2011-08-15 09:21 -------- d-----w- c:\program files\Nokia
2011-08-15 09:18 . 2011-08-15 09:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations
2011-08-10 21:47 . 2011-08-10 21:47 -------- d-----w- c:\documents and settings\demo\Local Settings\Application Data\Threat Expert
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:29 . 2009-11-05 18:26 60416 ----a-w- c:\windows\ALCFDRTM.VER
2011-08-04 08:33 . 2011-08-04 08:33 1409 ----a-w- c:\windows\QTFont.for
2011-07-21 10:15 . 2009-04-26 11:34 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-16 10:43 . 2011-06-16 10:43 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2009-10-27 11:44 . 2009-04-26 10:41 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-10-27 11:44 . 2009-04-26 10:41 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-10-27 11:44 . 2009-04-26 10:41 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-10-27 11:44 . 2009-04-26 10:41 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-10-27 11:44 . 2009-04-26 10:41 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
"EPSON Stylus C43 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-12-10 75776]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Indítópult\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 09:27 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\Downloads\\utorrent.exe"=
"d:\\WINDOWS\\utorrent.exe"=
"c:\\Documents and Settings\\demo\\Asztal\\utorrent-1.5.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\demo\\Dokumentumok\\Downloads\\O&O Defrag Professional v11.5.4065 hun\\O&O Defrag Professional\\40000015400002i\\oodag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Documents and Settings\\demo\\Dokumentumok\\Downloads\\O&O Defrag Professional Edition v14.1.431 - Portable\\O&O Defrag v14.1.431 - Portable.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\demo\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\DVDVideoSoft\\Free Studio\\Free YouTube Download\\FreeYouTubeDownload.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\apnstub.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\update.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Documents and Settings\\Rendszergazda.DEMO-DE1F798F41\\Asztal\\aswMBR.exe"=
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010.04.05. 23:23 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011.09.05. 21:40 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011.06.30. 19:40 207280]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010.04.05. 23:23 243152]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011.06.30. 19:40 229304]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010.02.18. 13:45 691696]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011.06.30. 19:48 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011.06.30. 19:48 59664]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [2009.11.25. 14:11 19232]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010.04.05. 23:23 216400]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011.02.17. 22:48 142592]
S1 TRIXX;TRIXX;c:\program files\TRIXX\TRIXXDriver.sys [2005.08.16. 13:17 15360]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011.09.05. 22:29 136360]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010.06.22. 11:27 308136]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2011.06.30. 19:45 112592]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009.12.22. 23:08 233472]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010.08.12. 14:15 1355416]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011.09.06. 13:52 366640]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2011.06.30. 19:39 358600]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009.12.22. 23:08 36608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011.09.06. 13:52 22712]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011.06.30. 19:39 70408]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009.12.22. 23:09 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009.12.22. 23:09 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009.12.22. 23:09 121856]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011.06.30. 19:48 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-31 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
.
2011-08-30 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
.
2011-09-05 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
.
2011-06-29 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
.
2011-08-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
.
2011-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1547161642-1177238915-1003Core.job
- c:\documents and settings\demo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-08 10:29]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1547161642-1177238915-1003UA.job
- c:\documents and settings\demo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-08 10:29]
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.250.1
FF - ProfilePath - c:\documents and settings\Rendszergazda.DEMO-DE1F798F41\Application Data\Mozilla\Firefox\Profiles\y1bmz6g9.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NPSStartup - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-06 14:35
Windows 5.1.2600 Szervizcsomag 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
.
**************************************************************************
.
Completion time: 2011-09-06 14:38:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-06 12:37
ComboFix2.txt 2009-02-01 12:30
.
Pre-Run: 2 563 665 920 bájt szabad
Post-Run: 4 292 218 880 bájt szabad
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional - magyar" /nopae /fastdetect /bootlogo /noguiboot /noexecute=optin
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP extended" /noexecute=alwaysoff /nopae /fastdetect /bootlogo /noguiboot
.
- - End Of File - - 5B0D64843EA71166AFCA1DE1CB9654A7


Tue Sep 06, 2011 13:54
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why it looks the way you see it,
Post Re: Virus or what could it be???
Hi
Yes, I can certainly help, but it's already quite late today, so do it the way I describe it, and tomorrow I'll take a look and we'll fix the PC.

1: If it won't let you run HijackThis, then there's surely a virus, a rootkit, on the machine; do it like this,

2: Go into Safe Mode with Networking,
1: Restart the computer in Safe Mode with Networking.
a:) Press F8 and hold it down.
b:) You must press the F8 key before the Windows logo appears.
c:) If the Windows logo appears, try F8 again.
d:) On the screen, use the arrow keys to select the desired Safe Mode option, then press ENTER.

3: Download RogueKiller to the desktop and run options 2, 3, 4 just as described there; post the logs here
http://www.virus-stell.com/p/ingyenes-h ... ogueKiller

4: Don't restart the machine now, but run the Malwarebytes program right away, full scan, delete what it finds,
post the log here
http://www.virus-stell.com/2010/04/malw ... lware.html

5: Run aswMBR, post the log here.
http://www.virus-stell.com/p/ingyenes-h ... tml#aswmbr

6: Run ComboFix, post the log here.
http://www.virus-stell.com/2010/04/combofix.html

Let's continue tomorrow.


Mon Sep 05, 2011 21:44
silver member

Joined: Mon Sep 05, 2011 21:22
Posts: 51
Post Re: Virus or what could it be???
Hi Stell!

I'd like to ask for your help. I must have picked up some virus, because whenever I try to open a web page, an advertising page comes up instead. I wanted to send you a HijackThis log right away, but something won't let me access the program.
Can you help me?

Thanks in advance for your reply!

Tomi


Mon Sep 05, 2011 21:28
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why it looks the way you see it,
Post Re: Virus or what could it be???
You're welcome
regards


Fri Aug 26, 2011 17:27
silver member

Joined: Thu Aug 11, 2011 13:19
Posts: 21
Post Re: Virus or what could it be???
Avira put the file in quarantine.
I installed the firewall.
I'm not experiencing anything bad.
Thanks very much for everything, Stell, I'm very grateful for your help :)


Fri Aug 26, 2011 17:18
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why it looks the way you see it,
Post Re: Virus or what could it be???
Quote:
D:\letöltések\Jetico.Personal.Firewall.v2.0.0.35-EDGE-gospel tuttisarok.mlap.hu.rar


If it judged it as that, then it's surely something cracked, but look where it says, that is on the D:>>> drive, in the letöltések >> folder; if it isn't there, then it was quarantined or deleted; if it is there, delete it,
D:\letöltések\Jetico.Personal.Firewall

OK, the machine is in order now, just install a firewall, the free PC Tools firewall, and that's it.
If everything is fine, we're done.
Also uninstall ComboFix from the machine,


Fri Aug 26, 2011 11:12
silver member

Joined: Thu Aug 11, 2011 13:19
Posts: 21
Post Re: Virus or what could it be???
Avira found a file like this: D:\letöltések\Jetico.Personal.Firewall.v2.0.0.35-EDGE-gospel tuttisarok.mlap.hu.rar, which it says is a trojan, but however much I search I can't find it, so I can't delete it. How do I get rid of it?

the log:
ComboFix 11-08-25.05 - Buci 011.08.26. 10:27:06.5.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1038.18.511.375 [GMT 2:00]
Running from: c:\documents and settings\Buci\Asztal\ComboFix.exe
Command switches used :: c:\documents and settings\Buci\Asztal\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\Tasks\MP Scheduled Scan.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Microsoft Security Client
c:\program files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.cat
c:\program files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.inf
c:\program files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.sys
c:\program files\Microsoft Security Client\Antimalware\Drivers\mpnwmon\mpnwmon.cat
c:\program files\Microsoft Security Client\Antimalware\Drivers\mpnwmon\mpnwmon.inf
c:\program files\Microsoft Security Client\Antimalware\Drivers\mpnwmon\mpnwmon.sys
c:\program files\Microsoft Security Client\Antimalware\EN-US\MpAsDesc.dll.mui
c:\program files\Microsoft Security Client\Antimalware\EN-US\mpevmsg.dll.mui
c:\program files\Microsoft Security Client\Antimalware\MpAsDesc.dll
c:\program files\Microsoft Security Client\Antimalware\MpClient.dll
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\program files\Microsoft Security Client\Antimalware\MpCommu.dll
c:\program files\Microsoft Security Client\Antimalware\MpEvMsg.dll
c:\program files\Microsoft Security Client\Antimalware\MpOAv.dll
c:\program files\Microsoft Security Client\Antimalware\MpRTP.dll
c:\program files\Microsoft Security Client\Antimalware\MpSvc.dll
c:\program files\Microsoft Security Client\Antimalware\MsMpCom.dll
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpLics.dll
c:\program files\Microsoft Security Client\Backup\en-us\amhelp.chm
c:\program files\Microsoft Security Client\Backup\en-us\epploc.cab
c:\program files\Microsoft Security Client\Backup\en-us\epploc_x86.msi
c:\program files\Microsoft Security Client\Backup\en-us\eula.rtf
c:\program files\Microsoft Security Client\Backup\en-us\setupres.dll.mui
c:\program files\Microsoft Security Client\Backup\eppmanifest.dll
c:\program files\Microsoft Security Client\Backup\hu-hu\amhelp.chm
c:\program files\Microsoft Security Client\Backup\hu-hu\epploc.cab
c:\program files\Microsoft Security Client\Backup\hu-hu\epploc_x86.msi
c:\program files\Microsoft Security Client\Backup\hu-hu\eula.rtf
c:\program files\Microsoft Security Client\Backup\hu-hu\setupres.dll.mui
c:\program files\Microsoft Security Client\Backup\hu-hu\x86\amloc-hu-hu.msi
c:\program files\Microsoft Security Client\Backup\setupres.dll
c:\program files\Microsoft Security Client\Backup\x86\dw20shared.msi
c:\program files\Microsoft Security Client\Backup\x86\epp.msi
c:\program files\Microsoft Security Client\Backup\x86\legitlib.dll
c:\program files\Microsoft Security Client\Backup\x86\mp_ambits.msi
c:\program files\Microsoft Security Client\Backup\x86\setup.exe
c:\program files\Microsoft Security Client\Backup\x86\sqmapi.dll
c:\program files\Microsoft Security Client\Backup\x86\windows6.0-kb981889-v2.msu
c:\program files\Microsoft Security Client\Backup\x86\windows6.1-kb981889.msu
c:\program files\Microsoft Security Client\CleanUpPolicy.xml
c:\program files\Microsoft Security Client\ConfigSecurityPolicy.exe
c:\program files\Microsoft Security Client\en-us\amhelp.chm
c:\program files\Microsoft Security Client\en-us\eula.rtf
c:\program files\Microsoft Security Client\en-us\MsMpRes.dll.mui
c:\program files\Microsoft Security Client\en-us\setupres.dll.mui
c:\program files\Microsoft Security Client\en-us\shellext.dll.mui
c:\program files\Microsoft Security Client\eppmanifest.dll
c:\program files\Microsoft Security Client\HU-HU\amhelp.chm
c:\program files\Microsoft Security Client\HU-HU\eula.rtf
c:\program files\Microsoft Security Client\HU-HU\MsMpRes.dll.mui
c:\program files\Microsoft Security Client\HU-HU\setupres.dll.mui
c:\program files\Microsoft Security Client\HU-HU\shellext.dll.mui
c:\program files\Microsoft Security Client\LegitLib.dll
c:\program files\Microsoft Security Client\MsMpRes.dll
c:\program files\Microsoft Security Client\msseces.exe
c:\program files\Microsoft Security Client\MsseWat.dll
c:\program files\Microsoft Security Client\setup.exe
c:\program files\Microsoft Security Client\setupres.dll
c:\program files\Microsoft Security Client\shellext.dll
c:\program files\Microsoft Security Client\sqmapi.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MsMpSvc
-------\Legacy_MsMpSvc
-------\Service_MsMpSvc
-------\Service_MsMpSvc
.
.
((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
.
.
2011-08-24 08:34 . 2011-08-24 10:39 -------- d-----w- c:\windows\system32\NtmsData
2011-08-24 08:14 . 2011-08-24 08:14 -------- d-----w- c:\documents and settings\Buci\Application Data\Avira
2011-08-24 08:03 . 2011-07-20 09:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-24 08:03 . 2011-07-20 09:30 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-24 08:03 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-24 08:03 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-24 08:03 . 2011-08-24 08:03 -------- d-----w- c:\program files\Avira
2011-08-24 08:03 . 2011-08-24 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-08-24 07:45 . 2011-08-24 07:58 59120008 ----a-w- C:\avira_antivir_personal_en.exe
2011-08-15 16:49 . 2011-08-15 16:49 -------- d-----w- C:\_OTL
2011-08-12 19:17 . 2011-08-12 19:17 -------- d-----w- c:\documents and settings\Buci\Application Data\Malwarebytes
2011-08-12 19:17 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-12 19:16 . 2011-08-12 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-12 19:16 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-12 19:16 . 2011-08-12 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-12 09:25 . 2011-08-12 09:25 -------- d-----w- c:\documents and settings\Buci\Downloads
2011-08-10 08:54 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 08:43 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-09 21:17 . 2011-08-09 21:17 -------- d-----w- c:\documents and settings\Buci\Application Data\CheckPoint
2011-08-09 21:15 . 2011-08-24 16:51 -------- d-----w- c:\documents and settings\Buci\Local Settings\Application Data\Conduit
2011-08-09 21:01 . 2011-08-09 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2011-08-09 21:01 . 2011-08-24 16:52 -------- d-----w- c:\program files\CheckPoint
2011-08-09 19:27 . 2011-08-12 09:34 -------- d-----w- c:\program files\trend micro
2011-08-09 13:38 . 2011-08-13 08:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-08-09 13:33 . 2011-08-09 13:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-08-09 13:32 . 2011-08-09 13:32 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-14 11:32 . 2011-05-14 16:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-18 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-04-14 17:19 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:30 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:30 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:30 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-18 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 09:36 . 2011-05-08 05:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-12_15.04.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-26 08:40 . 2011-08-26 08:40 16384 c:\windows\temp\Perflib_Perfdata_544.dat
- 2008-10-22 09:47 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
- 2011-01-28 21:10 . 2010-02-22 14:27 18296 c:\windows\system32\spmsg.dll
+ 2011-01-28 21:10 . 2010-07-05 13:19 18296 c:\windows\system32\spmsg.dll
+ 2011-08-24 08:03 . 2010-06-17 13:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2011-08-25 09:45 . 2011-08-25 09:45 28160 c:\windows\Installer\b8eb1.msi
+ 2011-08-25 09:18 . 2011-08-25 09:18 49152 c:\windows\Installer\9add10.msi
+ 2011-08-13 08:39 . 2011-08-13 08:39 22016 c:\windows\Installer\48bc6.msi
+ 2011-08-14 11:32 . 2011-08-14 11:32 243360 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe
+ 2011-08-14 11:32 . 2011-08-14 11:32 328864 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.dll
+ 2011-04-18 11:18 . 2011-04-18 11:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2011-08-25 09:45 . 2011-08-25 09:45 483840 c:\windows\Installer\b8eaa.msi
+ 2011-08-25 09:45 . 2011-08-25 09:45 301056 c:\windows\Installer\b8ea4.msi
+ 2011-08-25 09:16 . 2011-08-25 09:16 785920 c:\windows\Installer\9add07.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2011-04-21 05:53 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:11 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011.08.24. 10:03 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011.08.12. 21:17 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011.08.12. 21:16 22712]
R3 w89c940;Winbond W89C940 PCI Ethernet adapter illesztőprogram;c:\windows\system32\drivers\w940nd.sys [2009.04.14. 21:15 16925]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hu/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All using 4shared Desktop - d:\letöltések\Új mappa\4shared Desktop\down_all.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.147.80.30 195.56.172.157
FF - ProfilePath - c:\documents and settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=hu
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-26 10:41
Windows 5.1.2600 Szervizcsomag 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2616)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2011-08-26 10:51:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-26 08:51
ComboFix2.txt 2011-08-25 15:18
ComboFix3.txt 2011-08-24 17:38
ComboFix4.txt 2011-08-14 09:10
ComboFix5.txt 2011-08-26 08:24
.
Pre-Run: 3 907 764 224 bájt szabad
Post-Run: 3 834 556 416 bájt szabad
.
- - End Of File - - 18837003A04069393F329711BE0F9E9C


Fri Aug 26, 2011 9:08
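One way to triage the "Files Created" and "Reg Loading Points" sections of a ComboFix log like the one posted above, as an added example that is not code from this thread or from ComboFix. The log excerpt is constructed in the same layout (every path and name in it is made up), and the two heuristics, a new kernel driver whose last-write time equals its creation time and an autorun entry pointing outside the Windows and Program Files trees, are the example's own; they produce review candidates, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the ComboFix log layout used in this thread; every path
# and name below is made up for the example and not taken from a real machine.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
.
2011-08-24 08:03 . 2011-07-20 09:30 61960 ----a-w- c:\windows\system32\drivers\exampleav.sys
2011-08-24 08:03 . 2011-08-24 08:03 -------- d-----w- c:\program files\ExampleAV
2011-08-20 22:11 . 2011-08-20 22:11 18432 ----a-w- c:\windows\system32\drivers\qzx0912.sys
2011-08-10 08:54 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="c:\program files\ExampleAV\avgui.exe" [2011-07-08 449584]
"qzxupd"="c:\documents and settings\User\Application Data\qzx\qzxupd.exe" [2011-08-20 18432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"""


@dataclass
class CreatedEntry:
    created: str          # first timestamp: when the file appeared on disk
    modified: str         # second timestamp: the file's own last-write time
    size: Optional[int]   # None for directories (ComboFix prints "--------")
    attrs: str            # e.g. "----a-w-" or "d-----w-"
    path: str


@dataclass
class RunEntry:
    key: str      # registry key the value was listed under
    name: str     # value name
    target: str   # command / path the value points at


# "<created> . <modified> <size|--------> <attrs> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) ([-a-z]{8}) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')


def parse_combofix(text: str) -> Tuple[List[CreatedEntry], List[RunEntry]]:
    """Pull the created-file entries and the Run-key autostart values out of a log."""
    created: List[CreatedEntry] = []
    runs: List[RunEntry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":       # ComboFix separates blocks with "." lines
            continue
        m = FILE_RE.match(line)
        if m:
            size = None if m.group(3) == "--------" else int(m.group(3))
            created.append(CreatedEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            runs.append(RunEntry(current_key, m.group(1), m.group(2)))
    return created, runs


def suspicious_drivers(entries: List[CreatedEntry]) -> List[str]:
    """Kernel drivers that appeared in the scan window and whose last-write time equals
    their creation time: a vendor binary normally carries an older build timestamp, a
    freshly dropped file does not. Heuristic only; it yields candidates to look at."""
    return [e.path for e in entries
            if "\\drivers\\" in e.path.lower() and e.path.lower().endswith(".sys")
            and e.created == e.modified]


SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def userland_autoruns(runs: List[RunEntry]) -> List[RunEntry]:
    """Run-key values whose target lives outside the Windows and Program Files trees,
    for example under a user profile, which legitimate software rarely needs."""
    return [r for r in runs if not r.target.lower().startswith(SYSTEM_ROOTS)]


def triage(text: str) -> Dict[str, List[str]]:
    """Summarise both heuristics over one log; the lists are review candidates."""
    created, runs = parse_combofix(text)
    return {
        "new_drivers_with_fresh_mtime": suspicious_drivers(created),
        "autoruns_outside_system_trees": [f"{r.name} -> {r.target}" for r in userland_autoruns(runs)],
    }


if __name__ == "__main__":
    for heading, items in triage(SAMPLE_LOG).items():
        print(heading)
        for item in items:
            print("  ", item)
```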
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why it looks the way you see it,
Post Re: Virus or what could it be???
Open Notepad like this: Start > Run > type: notepad
and copy in the green text found under the "Code:" heading (without the word "Code:"), then save the text pasted into Notepad as a script on the desktop, like this: File > Save As > File name > CFScript.txt > Save as type > All Files > Save (to the Desktop). Done; drag the CFScript.txt on the desktop onto the ComboFix icon.
ComboFix starts on its own, may restart, and finishes the scan. Post what it gives you here.
Code:
KILLALL::
SecCenter::
{EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"=-
Folder::
c:\program files\Microsoft Security Client
File::
c:\windows\Tasks\MP Scheduled Scan.job


Thu Aug 25, 2011 16:40
silver member

Joined: Thu Aug 11, 2011 13:19
Posts: 21
Post Re: Virus or what could it be???
ComboFix 11-08-24.06 - Buci 011.08.25. 16:35:51.4.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1038.18.511.348 [GMT 2:00]
Running from: c:\documents and settings\Buci\Asztal\ComboFix.exe
Command switches used :: c:\documents and settings\Buci\Asztal\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAD0E9A-4BF2-488D-8FFB-57705FB06DF9}\mpasbase.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAD0E9A-4BF2-488D-8FFB-57705FB06DF9}\mpasdlta.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAD0E9A-4BF2-488D-8FFB-57705FB06DF9}\mpavbase.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAD0E9A-4BF2-488D-8FFB-57705FB06DF9}\mpavdlta.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAD0E9A-4BF2-488D-8FFB-57705FB06DF9}\mpengine.dll
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasbase.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasdlta.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavbase.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavdlta.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpasbase.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpasdlta.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpavbase.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpavdlta.vdm
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\IMpServiceEDB4FA23-53B8-4AFA-8C5D-99752CCA7094.lock
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\{310E3E7A-2E4F-40B0-BBE4-D17F0026CE56}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{319F6466-BCEB-4515-80DE-49BD95CF7E76}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{340F7A93-E9B6-4CF6-845E-7B1F96BECDAD}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{35AD74BB-B895-4EC9-9A66-785E89BE5CCB}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{4EE45EC7-CF9E-4911-B10A-456F3C68FCCD}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6E5F6249-3E59-47D1-8475-00E8782666D9}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{7BF3C8E5-3AF3-4553-B874-9E4CC95318D8}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{7C5CB493-34FC-4965-953B-928ABB99B393}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{AC2BE64F-6F4C-46EF-8DB0-87B2FC839AE2}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{BD8DD1BB-ABBD-4996-8BC1-29ED25080F04}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{ED1163D8-C6F1-44CE-9189-EB29524B6376}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\Detections.log
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\History.Log
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\Unknown.Log
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\mpcache-076E9618DA0F8BF9012A6814F5725B94741EA271.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\mpcache-076E9618DA0F8BF9012A6814F5725B94741EA271.bin.67
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\mpcache-076E9618DA0F8BF9012A6814F5725B94741EA271.bin.80
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\mpcache-076E9618DA0F8BF9012A6814F5725B94741EA271.bin.87
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MPDetection-08062011-085616.log
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MPLog-10092010-115752.log
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08102011-152833-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08112011-075444-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08112011-133000-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08112011-140241-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-072636-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-110614-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-143037-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-160126-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-161053-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-171824-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-173330-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-203043-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-215827-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-221657-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-223425-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-225352-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08132011-103459-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08132011-105427-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08132011-121727-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08132011-134434-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08132011-141948-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08132011-150334-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08132011-180142-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08142011-095344-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08142011-100827-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08142011-101217-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08142011-101624-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08142011-103358-00000003-ffffffff.bin
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-24 08:34 . 2011-08-24 10:39 -------- d-----w- c:\windows\system32\NtmsData
2011-08-24 08:14 . 2011-08-24 08:14 -------- d-----w- c:\documents and settings\Buci\Application Data\Avira
2011-08-24 08:03 . 2011-07-20 09:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-24 08:03 . 2011-07-20 09:30 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-24 08:03 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-24 08:03 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-24 08:03 . 2011-08-24 08:03 -------- d-----w- c:\program files\Avira
2011-08-24 08:03 . 2011-08-24 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-08-24 07:45 . 2011-08-24 07:58 59120008 ----a-w- C:\avira_antivir_personal_en.exe
2011-08-15 16:49 . 2011-08-15 16:49 -------- d-----w- C:\_OTL
2011-08-12 19:17 . 2011-08-12 19:17 -------- d-----w- c:\documents and settings\Buci\Application Data\Malwarebytes
2011-08-12 19:17 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-12 19:16 . 2011-08-12 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-12 19:16 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-12 19:16 . 2011-08-12 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-12 09:25 . 2011-08-12 09:25 -------- d-----w- c:\documents and settings\Buci\Downloads
2011-08-10 08:54 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 08:43 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-09 21:17 . 2011-08-09 21:17 -------- d-----w- c:\documents and settings\Buci\Application Data\CheckPoint
2011-08-09 21:15 . 2011-08-24 16:51 -------- d-----w- c:\documents and settings\Buci\Local Settings\Application Data\Conduit
2011-08-09 21:01 . 2011-08-09 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2011-08-09 21:01 . 2011-08-24 16:52 -------- d-----w- c:\program files\CheckPoint
2011-08-09 19:27 . 2011-08-12 09:34 -------- d-----w- c:\program files\trend micro
2011-08-09 13:38 . 2011-08-13 08:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-08-09 13:33 . 2011-08-09 13:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-08-09 13:32 . 2011-08-09 13:32 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-14 11:32 . 2011-05-14 16:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-18 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-04-14 17:19 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:30 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:30 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:30 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-18 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 09:36 . 2011-05-08 05:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-12_15.04.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-25 15:05 . 2011-08-25 15:05 16384 c:\windows\temp\Perflib_Perfdata_590.dat
- 2008-10-22 09:47 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
- 2011-01-28 21:10 . 2010-02-22 14:27 18296 c:\windows\system32\spmsg.dll
+ 2011-01-28 21:10 . 2010-07-05 13:19 18296 c:\windows\system32\spmsg.dll
+ 2011-08-24 08:03 . 2010-06-17 13:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2011-08-25 09:45 . 2011-08-25 09:45 28160 c:\windows\Installer\b8eb1.msi
+ 2011-08-25 09:18 . 2011-08-25 09:18 49152 c:\windows\Installer\9add10.msi
+ 2011-08-13 08:39 . 2011-08-13 08:39 22016 c:\windows\Installer\48bc6.msi
+ 2011-08-14 11:32 . 2011-08-14 11:32 243360 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe
+ 2011-08-14 11:32 . 2011-08-14 11:32 328864 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.dll
+ 2011-04-18 11:18 . 2011-04-18 11:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2011-08-25 09:45 . 2011-08-25 09:45 483840 c:\windows\Installer\b8eaa.msi
+ 2011-08-25 09:45 . 2011-08-25 09:45 301056 c:\windows\Installer\b8ea4.msi
+ 2011-08-25 09:16 . 2011-08-25 09:16 785920 c:\windows\Installer\9add07.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:11 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011.08.12. 21:16 22712]
R3 w89c940;Winbond W89C940 PCI Ethernet adapter illesztőprogram;c:\windows\system32\drivers\w940nd.sys [2009.04.14. 21:15 16925]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hu/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All using 4shared Desktop - d:\letöltések\Új mappa\4shared Desktop\down_all.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.147.80.30 195.56.172.157
FF - ProfilePath - c:\documents and settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=hu
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 17:06
Windows 5.1.2600 Szervizcsomag 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4036)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2011-08-25 17:18:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-25 15:18
ComboFix2.txt 2011-08-24 17:38
ComboFix3.txt 2011-08-14 09:10
ComboFix4.txt 2011-08-12 15:12
.
Pre-Run: 4 016 627 712 bájt szabad
Post-Run: 3 873 955 840 bájt szabad
.
- - End Of File - - 475AA49F0F58C24263A96E6ADF478E0F


Thu Aug 25, 2011 16:22
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why it looks like this,
Post Re: Virus or what could it be???
Yes, because it just litters the machine with junk, and I put it into the ComboFix script so that ComboFix deletes it, so run ComboFix with the script as I described. Post the log here.


Thu Aug 25, 2011 14:14
silver member

Joined: Thu Aug 11, 2011 13:19
Posts: 21
Post Re: Virus or what could it be???
stell, I don't know how or why, but Microsoft Security Essentials has come back to life and is working again. Should I really delete it?


Thu Aug 25, 2011 13:38
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why it looks like this,
Post Re: Virus or what could it be???
yes.


Thu Aug 25, 2011 10:44
silver member

Joined: Thu Aug 11, 2011 13:19
Posts: 21
Post Re: Virus or what could it be???
ComboFix won't run, should I do it in Safe Mode? :hm:


Thu Aug 25, 2011 10:42
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why it looks like this,
Post Re: Virus or what could it be???
Open Notepad like this: Start > Run > type: notepad
and copy in the green text found under the heading Code: (without the word Code:), then save the text pasted into Notepad as a script on the desktop, like this: File > Save As > File name > CFScript.txt > Save as type > All Files > Save (to the Desktop). Done; drag the CFScript.txt on the desktop onto the ComboFix icon.
ComboFix will start by itself, may restart, and will finish the scan. Post the result here.
Code:
KILLALL::
SecCenter::
{BCF43643-A118-4432-AEDE-D861FCBCFCDF}
Folder::
c:\windows\Temp5C2E5488-E916-0D22-1D39-17AF43D6027B-Signatures
c:\windows\Temp43FA2F2F-F199-F960-73C8-30BCB2741E15-Signatures
c:\windows\TempC98DC43A-1287-7204-AD9A-AE17FE841BAE-Signatures
c:\windows\TempC263F84E-1A82-4361-806C-744FE35E2C12-Signatures
c:\windows\Temp1D2F912C-DD6B-A657-595C-033B993406E3-Signatures
c:\windows\TempE7AB819A-80D2-A4C7-3535-06C628A921FE-Signatures
c:\windows\Temp5B476C4E-9DBC-E8D2-E173-5F500903470E-Signatures
c:\documents and settings\Default User\IETldCache
c:\windows\TempF7B47891-3521-212E-BCCB-48D65ED247DD-Signatures
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E01734B6-F72D-4B0E-8053-28FA89CFD579}
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup
c:\windows\TempF7B47891-3521-212E-BCCB-48D65ED247DD-Signatures
c:\windows\TempE7AB819A-80D2-A4C7-3535-06C628A921FE-Signatures
c:\windows\TempC98DC43A-1287-7204-AD9A-AE17FE841BAE-Signatures
c:\windows\TempC263F84E-1A82-4361-806C-744FE35E2C12-Signatures
c:\windows\TempB8331A47-C414-DA74-E851-B1B36C22842B-Signatures
c:\windows\Temp76E3B201-9DBD-9B6E-E0CE-83EAB7BC53B3-Signatures
c:\windows\Temp5C2E5488-E916-0D22-1D39-17AF43D6027B-Signatures
c:\windows\Temp5B476C4E-9DBC-E8D2-E173-5F500903470E-Signatures
c:\windows\Temp43FA2F2F-F199-F960-73C8-30BCB2741E15-Signatures
c:\windows\Temp1D2F912C-DD6B-A657-595C-033B993406E3-Signatures
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware
Driver::
MpKsl0c29a34b
MpKsl15defb2b
MpKsl19fd8693
MpKsl2e809b33
MpKsl37b02d4c
MpKsl3f652946
MpKsl480d34f2
MpKsl5d15a75e
MpKsl6f5d6229
MpKsl889ababc
MpKsl8acb86c7
MpKsl8f16cb61
MpKsl916d6e3c
MpKsl967d1f4c
MpKsl9d929b10
MpKslcc13e5ed
MpKsld7ee844b
MpKsle565bb83
MpKsle66e30f7
MpKsledab6ba5
MpKslf3edb394
MpKslf80a10ca
gupdate
gupdatem


Wed Aug 24, 2011 19:49
silver member

Joined: Thu Aug 11, 2011 13:19
Posts: 21
Post Re: Virus or what could it be???
I removed ZoneAlarm.

ComboFix 11-08-24.03 - Buci 011.08.24. 19:16:03.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1038.18.511.328 [GMT 2:00]
Running from: c:\documents and settings\Buci\Asztal\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
.
.
2011-08-24 11:59 . 2011-08-24 11:59 -------- d-----w- c:\windows\TempB8331A47-C414-DA74-E851-B1B36C22842B-Signatures
2011-08-24 09:37 . 2011-08-24 09:37 -------- d-----w- c:\windows\Temp76E3B201-9DBD-9B6E-E0CE-83EAB7BC53B3-Signatures
2011-08-24 08:34 . 2011-08-24 10:39 -------- d-----w- c:\windows\system32\NtmsData
2011-08-24 08:14 . 2011-08-24 08:14 -------- d-----w- c:\documents and settings\Buci\Application Data\Avira
2011-08-24 08:03 . 2011-07-20 09:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-24 08:03 . 2011-07-20 09:30 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-24 08:03 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-24 08:03 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-24 08:03 . 2011-08-24 08:03 -------- d-----w- c:\program files\Avira
2011-08-24 08:03 . 2011-08-24 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-08-24 07:45 . 2011-08-24 07:58 59120008 ----a-w- C:\avira_antivir_personal_en.exe
2011-08-23 19:17 . 2011-08-23 19:17 -------- d-----w- c:\windows\Temp5C2E5488-E916-0D22-1D39-17AF43D6027B-Signatures
2011-08-23 18:13 . 2011-08-23 18:14 -------- d-----w- c:\windows\Temp43FA2F2F-F199-F960-73C8-30BCB2741E15-Signatures
2011-08-23 18:00 . 2011-08-23 18:00 -------- d-----w- c:\windows\TempC98DC43A-1287-7204-AD9A-AE17FE841BAE-Signatures
2011-08-23 17:43 . 2011-08-23 17:43 -------- d-----w- c:\windows\TempC263F84E-1A82-4361-806C-744FE35E2C12-Signatures
2011-08-23 17:40 . 2011-08-23 17:40 -------- d-----w- c:\windows\Temp1D2F912C-DD6B-A657-595C-033B993406E3-Signatures
2011-08-23 17:36 . 2011-08-23 17:37 -------- d-----w- c:\windows\TempE7AB819A-80D2-A4C7-3535-06C628A921FE-Signatures
2011-08-23 17:31 . 2011-08-23 17:31 -------- d-----w- c:\windows\Temp5B476C4E-9DBC-E8D2-E173-5F500903470E-Signatures
2011-08-23 11:11 . 2011-08-23 11:11 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-08-23 11:10 . 2011-08-23 11:10 -------- d-----w- c:\windows\TempF7B47891-3521-212E-BCCB-48D65ED247DD-Signatures
2011-08-23 07:51 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E01734B6-F72D-4B0E-8053-28FA89CFD579}\mpengine.dll
2011-08-15 16:49 . 2011-08-15 16:49 -------- d-----w- C:\_OTL
2011-08-12 19:17 . 2011-08-12 19:17 -------- d-----w- c:\documents and settings\Buci\Application Data\Malwarebytes
2011-08-12 19:17 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-12 19:16 . 2011-08-12 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-12 19:16 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-12 19:16 . 2011-08-12 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-12 09:25 . 2011-08-12 09:25 -------- d-----w- c:\documents and settings\Buci\Downloads
2011-08-10 08:54 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 08:43 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-09 21:17 . 2011-08-09 21:17 -------- d-----w- c:\documents and settings\Buci\Application Data\CheckPoint
2011-08-09 21:15 . 2011-08-24 16:51 -------- d-----w- c:\documents and settings\Buci\Local Settings\Application Data\Conduit
2011-08-09 21:01 . 2011-08-09 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2011-08-09 21:01 . 2011-08-24 16:52 -------- d-----w- c:\program files\CheckPoint
2011-08-09 19:27 . 2011-08-12 09:34 -------- d-----w- c:\program files\trend micro
2011-08-09 13:38 . 2011-08-13 08:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-08-09 13:33 . 2011-08-09 13:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-08-09 13:32 . 2011-08-09 13:32 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-14 11:32 . 2011-05-14 16:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:44 . 2010-11-06 15:56 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-15 13:29 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-18 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-04-14 17:19 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:30 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:30 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:30 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-18 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-28 12:04 . 2011-05-08 05:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-12_15.04.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-24 16:53 . 2011-08-24 16:53 16384 c:\windows\Temp\Perflib_Perfdata_678.dat
- 2008-10-22 09:47 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
- 2011-01-28 21:10 . 2010-02-22 14:27 18296 c:\windows\system32\spmsg.dll
+ 2011-01-28 21:10 . 2010-07-05 13:19 18296 c:\windows\system32\spmsg.dll
+ 2011-08-24 08:03 . 2010-06-17 13:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2011-08-13 08:39 . 2011-08-13 08:39 22016 c:\windows\Installer\48bc6.msi
+ 2011-08-14 11:32 . 2011-08-14 11:32 243360 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe
+ 2011-08-14 11:32 . 2011-08-14 11:32 328864 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.dll
+ 2011-08-24 11:57 . 2011-08-24 11:57 301056 c:\windows\Installer\eff846.msi
+ 2011-08-23 11:10 . 2011-08-12 02:44 7152464 c:\windows\TempF7B47891-3521-212E-BCCB-48D65ED247DD-Signatures\mpengine.dll
+ 2011-08-23 17:36 . 2011-08-12 02:44 7152464 c:\windows\TempE7AB819A-80D2-A4C7-3535-06C628A921FE-Signatures\mpengine.dll
+ 2011-08-23 18:00 . 2011-08-12 02:44 7152464 c:\windows\TempC98DC43A-1287-7204-AD9A-AE17FE841BAE-Signatures\mpengine.dll
+ 2011-08-23 17:43 . 2011-08-12 02:44 7152464 c:\windows\TempC263F84E-1A82-4361-806C-744FE35E2C12-Signatures\mpengine.dll
+ 2011-08-24 11:59 . 2011-08-12 02:44 7152464 c:\windows\TempB8331A47-C414-DA74-E851-B1B36C22842B-Signatures\mpengine.dll
+ 2011-08-24 09:37 . 2011-08-12 02:44 7152464 c:\windows\Temp76E3B201-9DBD-9B6E-E0CE-83EAB7BC53B3-Signatures\mpengine.dll
+ 2011-08-23 19:17 . 2011-08-12 02:44 7152464 c:\windows\Temp5C2E5488-E916-0D22-1D39-17AF43D6027B-Signatures\mpengine.dll
+ 2011-08-23 17:31 . 2011-08-12 02:44 7152464 c:\windows\Temp5B476C4E-9DBC-E8D2-E173-5F500903470E-Signatures\mpengine.dll
+ 2011-08-23 18:13 . 2011-08-12 02:44 7152464 c:\windows\Temp43FA2F2F-F199-F960-73C8-30BCB2741E15-Signatures\mpengine.dll
+ 2011-08-23 17:40 . 2011-08-12 02:44 7152464 c:\windows\Temp1D2F912C-DD6B-A657-595C-033B993406E3-Signatures\mpengine.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:11 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011.08.24. 10:03 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011.08.12. 21:17 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011.08.12. 21:16 22712]
R3 w89c940;Winbond W89C940 PCI Ethernet adapter illesztőprogram;c:\windows\system32\drivers\w940nd.sys [2009.04.14. 21:15 16925]
S1 MpKsl889ababc;MpKsl889ababc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsl889ababc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsl889ababc.sys [?]
S1 MpKsl8acb86c7;MpKsl8acb86c7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl8acb86c7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl8acb86c7.sys [?]
S1 MpKsl8f16cb61;MpKsl8f16cb61;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07383701-C80F-4861-B4B5-08B201A42636}\MpKsl8f16cb61.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07383701-C80F-4861-B4B5-08B201A42636}\MpKsl8f16cb61.sys [?]
S1 MpKsl916d6e3c;MpKsl916d6e3c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0C84B86-0F88-4063-A552-1AB41F72F112}\MpKsl916d6e3c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0C84B86-0F88-4063-A552-1AB41F72F112}\MpKsl916d6e3c.sys [?]
S1 MpKsl967d1f4c;MpKsl967d1f4c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl967d1f4c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl967d1f4c.sys [?]
S1 MpKsl9d929b10;MpKsl9d929b10;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69CB7236-1F6A-4218-98EF-DE22D418D325}\MpKsl9d929b10.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69CB7236-1F6A-4218-98EF-DE22D418D325}\MpKsl9d929b10.sys [?]
S1 MpKslcc13e5ed;MpKslcc13e5ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B42127DA-979D-4782-B5D6-D938B159D65F}\MpKslcc13e5ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B42127DA-979D-4782-B5D6-D938B159D65F}\MpKslcc13e5ed.sys [?]
S1 MpKsld7ee844b;MpKsld7ee844b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33E059AB-571B-4E45-B7E6-A1E1495D0E2F}\MpKsld7ee844b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33E059AB-571B-4E45-B7E6-A1E1495D0E2F}\MpKsld7ee844b.sys [?]
S1 MpKsle565bb83;MpKsle565bb83;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsle565bb83.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsle565bb83.sys [?]
S1 MpKsle66e30f7;MpKsle66e30f7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A5A050A-63F3-4D46-BA5A-DEBD984CA5D9}\MpKsle66e30f7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A5A050A-63F3-4D46-BA5A-DEBD984CA5D9}\MpKsle66e30f7.sys [?]
S1 MpKsledab6ba5;MpKsledab6ba5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBB53815-0B13-432B-A6AD-2AEC39BD595F}\MpKsledab6ba5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBB53815-0B13-432B-A6AD-2AEC39BD595F}\MpKsledab6ba5.sys [?]
S1 MpKslf3edb394;MpKslf3edb394;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72673709-5B85-476C-B0F0-46F43E5CA58A}\MpKslf3edb394.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72673709-5B85-476C-B0F0-46F43E5CA58A}\MpKslf3edb394.sys [?]
S1 MpKslf80a10ca;MpKslf80a10ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D4675B4-F95A-4C65-8D74-215C84FD4C92}\MpKslf80a10ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D4675B4-F95A-4C65-8D74-215C84FD4C92}\MpKslf80a10ca.sys [?]
S2 gupdate;Google frissítési szolgáltatás (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011.08.09. 15:32 136176]
S3 gupdatem;Google frissítés Szolgáltatás (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011.08.09. 15:32 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MSMPSVC
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hu/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All using 4shared Desktop - d:\letöltések\Új mappa\4shared Desktop\down_all.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.147.80.30 195.56.172.157
FF - ProfilePath - c:\documents and settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=hu
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-24 19:32
Windows 5.1.2600 Szervizcsomag 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1792)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-24 19:38:39
ComboFix-quarantined-files.txt 2011-08-24 17:38
ComboFix2.txt 2011-08-14 09:10
ComboFix3.txt 2011-08-12 15:12
.
Pre-Run: 4 180 860 928 bájt szabad
Post-Run: 4 260 429 824 bájt szabad
.
- - End Of File - - 82C8B518D22814BE02D5B6BCA575E6A0

Firefox works now.


Wed Aug 24, 2011 18:43
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why it looks like this,
Post Re: Virus or what could it be???
Remove this ZoneAlarm firewall too, and post the ComboFix log here
http://www.virus-stell.com/2010/04/combofix.html


Wed Aug 24, 2011 13:51
silver member

Joined: Thu Aug 11, 2011 13:19
Posts: 21
Post Re: Virus or what could it be???
my computer has become incredibly slow, and it won't let me uninstall Security Essentials because of an error


Wed Aug 24, 2011 12:49
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why it looks like this,
Post Re: Virus or what could it be???
1: Security Essentials: remove it from the computer and install the FREE Avira. Avira AntiVir Personal - Free Antivirus
http://www.avira.com/en/avira-free-antivirus
2: Windows Firewall: ZoneAlarm is there, so there is no need to keep switching the Windows firewall on or off, it's worth nothing anyway.
Try it.


Wed Aug 24, 2011 7:38
silver member

Joined: Thu Aug 11, 2011 13:19
Posts: 21
Post Re: Virus or what could it be???
I turned on my computer and my jaw dropped :(
Microsoft Security Essentials simply won't start :shock:
once I managed to open it, and it said the program isn't genuine, even though it definitely is :x
and something won't let the updates install :jajne:
http://kepfeltoltes.hu/view/110823/4825 ... es.hu_.jpg
and I have to turn the Windows firewall back on at every startup, even though it says it is turned on :huha:
and MBAM didn't find any virus
what should I do now :cry: ?


Tue Aug 23, 2011 19:32
diamond member

Joined: Wed Mar 24, 2004 13:43
Posts: 1520
Post Re: Virus or what could it be???
Hi everyone!

I couldn't really find a topic that fits (because I don't think this is about a virus), so I'm writing here.

So I have a site on freeweb.hu. And when I connect to it over FTP, there are files there that I didn't upload.
Like these (171 bytes each):
AnthonyMoore43.html
CarlBrown40.html
etc.

The HTML file contains this:
<meta http-equiv="Refresh" content="0; URL=http://7daily-job.net/finance-news7/"><html><script>parent.location.href='http://7daily-job.net/finance-news7/'</script></html>

How could these files have got onto my hosting space?

In any case, I'm deleting them now.


Tue Aug 23, 2011 9:00
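A defender-side check for the injected files described in the post above, written as an added example (not code from the forum or from freeweb.hu): it walks a web root for tiny .html files whose only content redirects visitors to another host, using the same meta-refresh plus location.href pattern quoted in the post. The sample directory, the legitimate pages in it and the host name mysite.freeweb.hu are constructed for the demo.

```python
"""Find injected redirect stubs in a web root.

Added example for this thread; it is not code from the forum or from
freeweb.hu. It looks for what the poster described: tiny .html files
whose only job is to bounce visitors to a foreign site, either through a
<meta http-equiv="Refresh"> tag or a script that assigns location.href.
"""
from __future__ import annotations

import os
import re
import tempfile
from urllib.parse import urlparse

# A real page is rarely this small; the poster's stubs were 171 bytes each.
MAX_STUB_SIZE = 1024

META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv\s*=\s*["\']?refresh["\']?[^>]*url\s*=\s*["\']?([^"\'>\s]+)',
    re.IGNORECASE,
)
# Catches parent/top/window/document.location(.href) = '...' assignments;
# location.replace(...) and obfuscated variants are out of scope here.
SCRIPT_REDIRECT = re.compile(
    r'(?:parent|top|window|document)?\.?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']',
    re.IGNORECASE,
)


def redirect_targets(html: str) -> set[str]:
    """Return every URL the document tries to send the visitor to."""
    targets: set[str] = set()
    for rx in (META_REFRESH, SCRIPT_REDIRECT):
        targets.update(m.group(1) for m in rx.finditer(html))
    return targets


def external_hosts(targets: set[str], own_host: str) -> set[str]:
    """Keep only target hosts that differ from the site's own host name."""
    hosts: set[str] = set()
    for url in targets:
        host = urlparse(url).hostname
        if host and host.lower() != own_host.lower():
            hosts.add(host.lower())
    return hosts


def find_redirect_stubs(root: str, own_host: str) -> list[tuple[str, int, set[str]]]:
    """Walk root and report small .html/.htm files that redirect off-site.

    Each hit is (path relative to root, size in bytes, set of foreign hosts).
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".html", ".htm")):
                continue
            path = os.path.join(dirpath, name)
            size = os.path.getsize(path)
            if size > MAX_STUB_SIZE:
                continue
            with open(path, encoding="utf-8", errors="replace") as fh:
                html = fh.read()
            foreign = external_hosts(redirect_targets(html), own_host)
            if foreign:
                hits.append((os.path.relpath(path, root), size, foreign))
    return sorted(hits)


def build_sample_site() -> str:
    """Create a throwaway directory shaped like the poster's FTP root.

    The two stubs are constructed copies of the file quoted in the thread;
    index.html and go.html are constructed legitimate pages (go.html is a
    same-site redirect) that must not be reported. mysite.freeweb.hu is a
    made-up host name standing in for the poster's own site.
    """
    root = tempfile.mkdtemp(prefix="ftp_root_")
    stub = (
        '<meta http-equiv="Refresh" content="0; URL=http://7daily-job.net/finance-news7/">'
        "<html><script>parent.location.href='http://7daily-job.net/finance-news7/'</script></html>\n"
    )
    files = {
        "AnthonyMoore43.html": stub,
        "CarlBrown40.html": stub,
        "index.html": "<html><body><h1>My site</h1><p>Welcome.</p></body></html>\n",
        "go.html": '<meta http-equiv="refresh" content="0; url=http://mysite.freeweb.hu/index.html">\n',
    }
    for name, body in files.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    site = build_sample_site()
    for rel, size, hosts in find_redirect_stubs(site, "mysite.freeweb.hu"):
        print(f"{rel}: {size} bytes, redirects to {', '.join(sorted(hosts))}")
```

Run it against a downloaded copy of the FTP tree; it flags only off-site redirects, so a legitimate same-site redirect page such as go.html stays quiet.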
silver member

Joined: Thu Aug 11, 2011 13:19
Posts: 21
Post Re: Virus or what could it be???
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
C:\Program Files\Crawler\Toolbar\ctbr.dll moved successfully.
HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\bluu.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ deleted successfully.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry value HKEY_USERS\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry value HKEY_USERS\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
C:\WINDOWS\002576_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\SET3A.tmp deleted successfully.
C:\WINDOWS\System32\SET3F.tmp deleted successfully.
C:\WINDOWS\tasks\MpIdleTask.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\MP Scheduled Scan.job moved successfully.
C:\Documents and Settings\Buci\Application Data\SendSpace\GamesBar-Silent.rsendspace.asendspace.dl.exe moved successfully.
C:\Documents and Settings\Buci\Asztal\«•»PΛTЯIKΘSZ«•».txt moved successfully.
File C:\Documents and Settings\Buci\Asztal\«•»PΛTЯIKΘSZ«•».txt not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater\\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Buci
->Temp folder emptied: 5649702 bytes
->Temporary Internet Files folder emptied: 38846094 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49589672 bytes
->Flash cache emptied: 848 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 2026072 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 3273692 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7234579 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 102,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.26.4 log created on 08152011_184902

Files\Folders moved on Reboot...
C:\Documents and Settings\Buci\Local Settings\Temp\~DFFB3D.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT06bca.TMP not found!

Registry entries deleted on Reboot...
------------------

the computer seems fine, but unfortunately Firefox still doesn't work :cry: . If I deleted it and downloaded it again, would that solve it?
I forgot to say that on the 16th I have to go to summer camp, but while I'm there nobody will touch the computer. I'll only get home next Monday
thank you very much for all the help


Mon Aug 15, 2011 18:13
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why it looks like this,
Post Re: Virus or what could it be???
Run the OTL program again, paste the text into its window, and now be careful. This time you press the RunFix button,
post the log here after the restart, then try out the computer and write down how things stand.
Code:
:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010.11.06 18:27:21 | 000,000,000 | ---D | M]
[2011.05.08 07:53:33 | 000,002,933 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bluu.xml
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\ShellBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011.08.15 11:09:03 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011.08.15 10:44:19 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.15 10:44:14 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.15 10:33:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.01.30 11:56:29 | 000,001,872 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\SendSpace\GamesBar-Silent.rsendspace.asendspace.dl.exe
[2011.07.30 12:25:21 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Buci\Asztal\«•»P?T?IK?SZ«•».txt) -- C:\Documents and Settings\Buci\Asztal\«•»PΛTЯIKΘSZ«•».txt
[2011.07.30 12:25:21 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Buci\Asztal\«•»P?T?IK?SZ«•».txt) -- C:\Documents and Settings\Buci\Asztal\«•»PΛTЯIKΘSZ«•».txt
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =-
:Commands
[emptytemp]
[clearallrestorepoints]
[start explorer]
[Reboot]


Mon Aug 15, 2011 11:58
silver member

Joined: Thu Aug 11, 2011 13:19
Posts: 21
Post Re: Virus or what could it be???
< MD5 for: SVCHOST.EXE >
[2008.04.14 18:02:30 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=05194D8A92CF7E559C1A38FC134C966A -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 18:02:30 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=05194D8A92CF7E559C1A38FC134C966A -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 18:02:30 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=05194D8A92CF7E559C1A38FC134C966A -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=22D8D9F0F5EBE312A1747D6172205F1B -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008.07.01 15:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 18:02:31 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B0DDDFC8361952B956EF9475244F40BD -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 18:02:31 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B0DDDFC8361952B956EF9475244F40BD -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 18:02:31 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B0DDDFC8361952B956EF9475244F40BD -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=B722651FB16A7777E885711DB94571DA -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 18:02:32 | 000,509,952 | ---- | M] (Microsoft Corporation) MD5=15D1D956D9F01E51E6623EDB31EA43B6 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 18:02:32 | 000,509,952 | ---- | M] (Microsoft Corporation) MD5=15D1D956D9F01E51E6623EDB31EA43B6 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 18:02:32 | 000,509,952 | ---- | M] (Microsoft Corporation) MD5=15D1D956D9F01E51E6623EDB31EA43B6 -- C:\WINDOWS\system32\winlogon.exe
[2004.08.18 14:00:00 | 000,504,320 | ---- | M] (Microsoft Corporation) MD5=63E65D180BB0607B7240E700D2F73EAD -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.07.01 15:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=AF3CC3CB92FB06A47CE979FB9D2CA127 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 18:02:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=EA551E1AB5BA99DA3397517BDD278E94 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 18:02:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=EA551E1AB5BA99DA3397517BDD278E94 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 18:02:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=EA551E1AB5BA99DA3397517BDD278E94 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.04.14 21:09:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.04.14 21:09:14 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.04.14 21:09:14 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.08.14 13:32:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2011.08.12 16:11:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Files - Unicode (All) ==========
[2011.07.30 12:25:21 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Buci\Asztal\«•»P?T?IK?SZ«•».txt) -- C:\Documents and Settings\Buci\Asztal\«•»PΛTЯIKΘSZ«•».txt
[2011.07.30 12:25:21 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Buci\Asztal\«•»P?T?IK?SZ«•».txt) -- C:\Documents and Settings\Buci\Asztal\«•»PΛTЯIKΘSZ«•».txt

< End of report >


Mon Aug 15, 2011 11:09
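The "< MD5 for: ... >" section of the OTL log above lists every copy of a few core binaries that OTL could find, each with the company name from its version resource and its MD5. As an added example (not part of OTL or of the thread), the code below parses those lines and flags the copies an analyst would look at twice; SAMPLE_LOG is an excerpt of the svchost.exe and tcpip.sys lines from the log, and the path rules assume a default C:\WINDOWS installation like the one in the log.

```python
"""Triage the '< MD5 for: ... >' blocks of an OTL log.

Added example for this thread; it is not part of OTL or of the forum.
OTL lists every copy it finds of a few core binaries, each with the
company name from the version resource and an MD5. The code parses those
lines and reports copies an analyst would look at twice.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

HEADER = re.compile(r"^< MD5 for: (\S+) >$")
ENTRY = re.compile(
    r"^\[(?P<mtime>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| (?P<kind>\w)\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
# Assumes the default install root seen in the log (C:\WINDOWS).
LIVE_DIRS = {"c:\\windows\\system32", "c:\\windows\\system32\\drivers"}
WINDOWS_ROOT = "c:\\windows\\"

# Excerpt of the svchost.exe and tcpip.sys lines from the OTL log in the thread.
SAMPLE_LOG = r"""
< MD5 for: SVCHOST.EXE >
[2008.04.14 18:02:30 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=05194D8A92CF7E559C1A38FC134C966A -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 18:02:30 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=05194D8A92CF7E559C1A38FC134C966A -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 18:02:30 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=05194D8A92CF7E559C1A38FC134C966A -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=22D8D9F0F5EBE312A1747D6172205F1B -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008.07.01 15:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
"""


@dataclass(frozen=True)
class FileCopy:
    name: str     # file name from the block header, e.g. SVCHOST.EXE
    size: int     # size in bytes
    company: str  # company string from the version resource, '' if none
    md5: str
    path: str


def parse_md5_blocks(log: str) -> list[FileCopy]:
    """Return one FileCopy per entry line, tagged with its block's file name."""
    copies: list[FileCopy] = []
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        head = HEADER.match(line)
        if head:
            current = head.group(1).upper()
            continue
        entry = ENTRY.match(line)
        if entry and current:
            copies.append(FileCopy(
                name=current,
                size=int(entry["size"].replace(",", "")),
                company=entry["company"].strip(),
                md5=entry["md5"].upper(),
                path=entry["path"],
            ))
    return copies


def parent_dir(path: str) -> str:
    """Lower-cased directory of a Windows path (ntpath works on any host OS)."""
    return ntpath.dirname(path).lower()


def review(copies: list[FileCopy]) -> list[str]:
    """Return findings worth a second look; an empty list means none.

    Heuristics, not verdicts: a copy with no company name, or one stored
    outside the Windows tree, is unusual for a core system binary; and if
    the live copy and the dllcache copy of the same file carry different
    MD5s, the protected reference no longer matches what actually runs.
    """
    findings = []
    by_name: dict[str, list[FileCopy]] = {}
    for c in copies:
        by_name.setdefault(c.name, []).append(c)
    for name, group in by_name.items():
        for c in group:
            if not c.company:
                findings.append(f"{name}: no company name on {c.path}")
            if not c.path.lower().startswith(WINDOWS_ROOT):
                findings.append(f"{name}: copy outside the Windows tree at {c.path}")
        live = {c.md5 for c in group if parent_dir(c.path) in LIVE_DIRS}
        cache = {c.md5 for c in group if parent_dir(c.path).endswith("\\dllcache")}
        if live and cache and live != cache:
            findings.append(f"{name}: live copy MD5 {sorted(live)} differs from dllcache {sorted(cache)}")
    return findings


if __name__ == "__main__":
    for finding in review(parse_md5_blocks(SAMPLE_LOG)):
        print(finding)
```

On the excerpt the only hits are for the svchost.exe without a company name in ZoneAlarm's ForceField\Heuristics folder (the full log shows a winlogon.exe in the same folder with the same MD5), so a hit is a prompt to check the file against the product it belongs to, not a verdict.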
silver member

Joined: Thu Aug 11, 2011 13:19
Posts: 21
Post Re: Virus or what could it be???
otl.txt

OTL logfile created on: 2011.08.15. 10:40:18 - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\Buci\Asztal
Windows XP Home Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

511,49 Mb Total Physical Memory | 224,91 Mb Available Physical Memory | 43,97% Memory free
1,97 Gb Paging File | 1,45 Gb Available in Paging File | 73,47% Paging File free
Paging file location(s): D:\pagefile.sys 1536 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 5,53 Gb Free Space | 37,79% Space Free | Partition Type: NTFS
Drive D: | 59,87 Gb Total Space | 56,98 Gb Free Space | 95,17% Space Free | Partition Type: NTFS

Computer Name: SZAMITOGEP | User Name: Buci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.15 10:35:45 | 000,579,584 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\OTL.exe
PRC - [2011.07.08 07:55:36 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.08 07:55:36 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.16 18:22:36 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011.06.16 18:20:10 | 000,071,824 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011.05.30 13:39:02 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011.05.30 13:39:00 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.11.30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe


========== Modules (No Company Name) ==========

MOD - [2011.08.15 10:35:45 | 000,579,584 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.07.08 07:55:36 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.16 18:22:36 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.05.30 13:39:02 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.04.14 20:41:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2011.08.15 10:28:14 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C86A340E-4B72-423C-AA5E-0FF24943D492}\MpKsl3ed45888.sys -- (MpKsl3ed45888)
DRV - [2011.07.08 07:55:36 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.16 18:20:10 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011.05.30 13:38:54 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2004.08.17 16:19:52 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.05.06 05:15:18 | 000,020,156 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2001.08.17 22:13:12 | 000,016,925 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w940nd.sys -- (w89c940)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/
IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010.11.06 18:27:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.08.10 10:43:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.28 14:04:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 19:16:09 | 000,000,000 | ---D | M]

[2009.09.24 11:34:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Extensions
[2009.07.05 15:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011.08.11 13:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions
[2011.08.11 13:34:36 | 000,000,000 | ---D | M] (ZoneAlarm Security Suite Community Toolbar) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}
[2011.08.07 09:19:25 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2011.05.08 07:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions\nostmp
[2011.06.23 11:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.03.16 12:30:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.23 11:18:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.06.28 14:04:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.08 07:53:33 | 000,002,933 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bluu.xml
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011.05.01 06:33:28 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.05.08 07:53:33 | 000,000,980 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-hu.xml
[2011.05.01 06:33:28 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\polymeta.xml
[2011.05.08 07:53:33 | 000,001,628 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sztaki-en-hu.xml
[2011.05.08 07:53:33 | 000,000,974 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vatera.xml
[2011.05.08 07:53:33 | 000,001,189 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hu.xml

O1 HOSTS File: ([2011.08.14 10:50:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\ShellBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) - {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/So ... b56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messenger ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/sho ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.147.80.30 195.56.172.157
O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Lanka.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Lanka.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.14 19:24:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.08.14 18:44:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.08.14 17:26:02 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011.08.12 21:33:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Buci\Recent
[2011.08.12 21:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Application Data\Malwarebytes
[2011.08.12 21:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.12 21:17:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.08.12 21:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.08.12 21:16:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.08.12 21:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.12 21:08:13 | 009,545,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Buci\Asztal\mbam-setup.exe
[2011.08.12 16:25:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.08.12 16:20:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.08.12 16:20:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.08.12 16:20:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.08.12 16:20:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.08.12 16:19:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.08.12 16:19:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.12 14:54:04 | 004,171,976 | R--- | C] (Swearware) -- C:\Documents and Settings\Buci\Asztal\ComboFix.exe
[2011.08.12 11:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Asztal\rsit
[2011.08.12 11:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Downloads
[2011.08.10 10:54:16 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011.08.10 10:43:50 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011.08.09 23:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Dokumentumok\ForceField Shared Files
[2011.08.09 23:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Application Data\CheckPoint
[2011.08.09 23:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011.08.09 23:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Local Settings\Application Data\ZoneAlarm_Security_Suite
[2011.08.09 23:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Local Settings\Application Data\Conduit
[2011.08.09 23:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security_Suite
[2011.08.09 23:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2011.08.09 23:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011.08.09 23:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011.08.09 21:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.09 15:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011.08.09 15:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011.08.09 15:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011.08.09 15:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011.08.07 19:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Asztal\klánlogo
[2011.07.18 20:08:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011.07.18 17:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Asztal\vbs-bat progik
[2011.07.18 15:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Asztal\vbs-bat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.15 11:09:03 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011.08.15 10:44:19 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.15 10:44:14 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.15 10:35:45 | 000,579,584 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\OTL.exe
[2011.08.15 10:33:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.08.15 10:27:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.14 13:32:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.08.14 10:50:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.08.14 10:28:37 | 004,171,976 | R--- | M] (Swearware) -- C:\Documents and Settings\Buci\Asztal\ComboFix.exe
[2011.08.14 10:21:07 | 000,555,008 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\RogueKiller.exe
[2011.08.12 21:17:23 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.08.12 21:17:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes' Anti-Malware.lnk
[2011.08.12 21:11:15 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Buci\Asztal\mbam-setup.exe
[2011.08.12 16:25:11 | 000,000,336 | RHS- | M] () -- C:\boot.ini
[2011.08.12 16:11:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.12 16:09:53 | 000,000,220 | ---- | M] () -- C:\Boot.bak
[2011.08.12 11:29:30 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\RSIT.exe
[2011.08.10 13:49:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.08.09 23:31:11 | 000,411,107 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011.08.09 23:15:42 | 000,000,139 | ---- | M] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2011.08.09 20:50:10 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011.08.09 15:34:45 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\CCleaner.lnk
[2011.07.27 17:36:11 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\Microsoft Office Word 2003.lnk
[2011.07.25 17:09:21 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011.07.19 13:55:50 | 000,008,937 | ---- | M] () -- C:\Documents and Settings\Buci\Dokumentumok\Kedvenc téma.Theme
[2011.07.19 09:36:26 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Buci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.15 10:35:19 | 000,579,584 | ---- | C] () -- C:\Documents and Settings\Buci\Asztal\OTL.exe
[2011.08.14 10:19:12 | 000,555,008 | ---- | C] () -- C:\Documents and Settings\Buci\Asztal\RogueKiller.exe
[2011.08.12 21:17:23 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Buci\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.08.12 21:17:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes' Anti-Malware.lnk
[2011.08.12 16:25:11 | 000,000,220 | ---- | C] () -- C:\Boot.bak
[2011.08.12 16:25:05 | 000,260,272 | R-S- | C] () -- C:\cmldr
[2011.08.12 16:20:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.08.12 16:20:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.08.12 16:20:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.08.12 16:20:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.08.12 16:20:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.08.12 11:26:41 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Buci\Asztal\RSIT.exe
[2011.08.09 23:21:10 | 000,411,107 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011.08.09 15:42:23 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2011.08.09 15:34:45 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\CCleaner.lnk
[2011.08.09 15:33:04 | 000,001,012 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.09 15:33:03 | 000,001,008 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.19 13:55:49 | 000,008,937 | ---- | C] () -- C:\Documents and Settings\Buci\Dokumentumok\Kedvenc téma.Theme
[2011.06.28 09:46:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2011.06.22 15:26:00 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WA.INI
[2011.06.19 08:49:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.02.20 15:51:26 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2010.12.14 19:23:17 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TC.INI
[2010.12.14 19:19:58 | 000,246,784 | ---- | C] () -- C:\WINDOWS\UN160407.EXE
[2009.07.05 15:23:09 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.06.24 09:43:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.22 22:21:29 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Buci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.14 21:46:07 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.04.14 21:28:06 | 000,000,388 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.04.14 21:13:17 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.04.14 21:10:22 | 001,482,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.04.14 20:36:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2009.04.14 20:36:55 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009.04.14 20:36:54 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.14 20:36:54 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.04.14 20:36:49 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009.04.14 20:09:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.04.14 20:09:32 | 000,004,437 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2009.04.14 19:44:25 | 000,003,005 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.04.14 19:34:03 | 000,020,156 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2009.04.14 19:28:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.04.14 19:21:13 | 000,021,948 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.18 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.18 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 14:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.18 14:00:00 | 000,303,356 | ---- | C] () -- C:\WINDOWS\System32\perfh00E.dat
[2004.08.18 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 14:00:00 | 000,264,338 | ---- | C] () -- C:\WINDOWS\System32\perfi00E.dat
[2004.08.18 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 14:00:00 | 000,057,716 | ---- | C] () -- C:\WINDOWS\System32\perfc00E.dat
[2004.08.18 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 14:00:00 | 000,043,990 | ---- | C] () -- C:\WINDOWS\System32\perfd00E.dat
[2004.08.18 14:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.18 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.18 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.18 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009.04.14 19:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011.08.09 23:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2009.04.14 19:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\ACD Systems
[2011.03.15 13:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Blender Foundation
[2011.08.09 23:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\CheckPoint
[2009.04.22 22:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\COWON
[2010.12.11 19:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\ImgBurn
[2011.02.24 18:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\iSpring Solutions
[2009.04.18 23:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\KompoZer
[2011.01.24 22:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\LimeWire
[2010.12.11 19:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\MusicIP
[2011.05.19 17:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\OpenCandy
[2011.01.24 22:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\pokerth
[2011.01.30 11:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\SendSpace
[2011.08.15 10:33:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011.08.15 11:09:03 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 18:02:12 | 000,015,360 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2009.04.14 19:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011.03.03 15:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.10.18 11:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2011.08.09 23:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011.08.12 21:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.09.30 08:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011.02.09 18:21:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009.04.14 20:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2011.02.11 18:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.03.16 12:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010.09.30 08:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010.09.21 20:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\6128\AcrobatUpdater.exe
[2010.09.21 20:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\6128\AdobeARM.exe
[2010.09.21 20:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\6128\ReaderUpdater.exe

< %APPDATA%\*. >
[2009.04.14 19:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\ACD Systems
[2011.02.20 09:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Adobe
[2011.03.15 13:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Blender Foundation
[2011.08.09 23:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\CheckPoint
[2009.04.22 22:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\COWON
[2010.12.06 22:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Help
[2009.04.14 19:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Identities
[2010.12.11 19:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\ImgBurn
[2011.02.24 18:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\iSpring Solutions
[2009.04.18 23:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\KompoZer
[2011.01.24 22:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\LimeWire
[2009.05.23 21:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Macromedia
[2011.08.12 21:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Malwarebytes
[2011.08.09 15:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Media Player Classic
[2011.04.22 16:28:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Buci\Application Data\Microsoft
[2011.01.15 20:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\mIRC
[2009.09.24 11:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Mozilla
[2010.12.11 19:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\MusicIP
[2009.04.17 07:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Nero
[2011.05.19 17:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\OpenCandy
[2011.01.24 22:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\pokerth
[2009.05.30 13:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Real
[2011.01.30 11:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\SendSpace
[2011.02.11 14:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\skypePM
[2009.07.05 15:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Sun
[2009.04.14 20:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Talkback
[2009.04.14 19:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2009.07.05 15:56:27 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
[2009.07.05 15:56:28 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\updater.exe
[2009.07.05 15:56:28 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
[2009.07.05 15:56:28 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
[2009.07.05 15:56:28 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpidl.exe
[2009.07.05 15:56:28 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
[2009.07.05 15:56:28 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
[2009.07.05 15:56:29 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009.07.05 15:56:30 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
[2010.09.01 15:52:56 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe
[2011.05.19 17:14:57 | 000,416,160 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\OpenCandy\OpenCandy_7B3A6BBE1A944741A1FD9613005D549E\LatestDLMgr.exe
[2011.01.30 11:56:29 | 000,001,872 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\SendSpace\GamesBar-Silent.rsendspace.asendspace.dl.exe


< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 18:02:08 | 000,605,184 | ---- | M] (Microsoft Corporation) MD5=73D5C3AA8CD7A8FEDC05A6AD6BCFE684 -- C:\cmdcons\autochk.exe
[2008.04.14 18:02:08 | 000,605,184 | ---- | M] (Microsoft Corporation) MD5=73D5C3AA8CD7A8FEDC05A6AD6BCFE684 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 18:02:08 | 000,605,184 | ---- | M] (Microsoft Corporation) MD5=73D5C3AA8CD7A8FEDC05A6AD6BCFE684 -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 14:00:00 | 000,605,184 | ---- | M] (Microsoft Corporation) MD5=9E8636075B6F0F16C8724E12EC084F2C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 18:01:48 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=13CB7FC794D005D60712FDD9F1362235 -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 18:01:48 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=13CB7FC794D005D60712FDD9F1362235 -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 18:01:48 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=13CB7FC794D005D60712FDD9F1362235 -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=98EA924C4C1B0EA53393289D64218822 -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 18:01:50 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 18:01:50 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 18:01:50 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=9BF16BF2A92E9946C034947E45C6FB4E -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004.08.18 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=5BF20DA8E16049C4BE8E15EEE1F427C1 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 18:02:16 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=AD3A8A9E8914439852A98CE48015E237 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 18:02:16 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=AD3A8A9E8914439852A98CE48015E237 -- C:\WINDOWS\explorer.exe
[2008.04.14 18:02:16 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=AD3A8A9E8914439852A98CE48015E237 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.29 17:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.18 14:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: ISAPNP.SYS >
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.14 17:40:20 | 000,037,504 | ---- | M] (Microsoft Corporation) MD5=3685529CAA2B14C9632E85E265BA293B -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 17:40:20 | 000,037,504 | ---- | M] (Microsoft Corporation) MD5=3685529CAA2B14C9632E85E265BA293B -- C:\WINDOWS\system32\drivers\isapnp.sys
[2004.08.18 14:00:00 | 000,036,096 | ---- | M] (Microsoft Corporation) MD5=AE9857353A6D45F101C4496789585C25 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=13C29FBA0388BEF38F06600994FAA2BA -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 18:02:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=21844F6DA13ECE4737D0B7524EDEB6EC -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 18:02:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=21844F6DA13ECE4737D0B7524EDEB6EC -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 18:02:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=21844F6DA13ECE4737D0B7524EDEB6EC -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=38A4E873DEBBA38F1E7E8D9D6AF593D8 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 18:01:56 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 18:01:56 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 18:01:56 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\system32\netlogon.dll
[2009.02.06 20:47:21 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=EDA679C0437291C5E283466E91F86F8D -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:21 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=EDA679C0437291C5E283466E91F86F8D -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 18:01:59 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 18:01:59 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 18:01:59 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\system32\scecli.dll
[2004.08.18 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=DE117DA3508ECAAECEA21901DBA31DAB -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=6B0B3C8487EA447BDD155FB52222A156 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 18:02:29 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=A03C3BF7E45ECC9775D3CE653086FAA1 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 18:02:29 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=A03C3BF7E45ECC9775D3CE653086FAA1 -- C:\WINDOWS\system32\smss.exe
[2004.08.04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE


Mon Aug 15, 2011 11:07
silver member

Joined: Thu Aug 11, 2011 13:19
Posts: 21
Post Re: Virus or what could it be???
extras.txt

OTL Extras logfile created on: 2011.08.15. 10:40:18 - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\Buci\Asztal
Windows XP Home Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

511,49 Mb Total Physical Memory | 224,91 Mb Available Physical Memory | 43,97% Memory free
1,97 Gb Paging File | 1,45 Gb Available in Paging File | 73,47% Paging File free
Paging file location(s): D:\pagefile.sys 1536 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 5,53 Gb Free Space | 37,79% Space Free | Partition Type: NTFS
Drive D: | 59,87 Gb Total Space | 56,98 Gb Free Space | 95,17% Space Free | Partition Type: NTFS

Computer Name: SZAMITOGEP | User Name: Buci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-507921405-1770027372-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B97B645-6C43-4BE7-8E73-4941D8841A29}" = ZoneAlarm Security
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live feltöltőeszköz
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{257A92C3-7E41-4678-9144-6920F4289D0F}" = Windows Live Messenger
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C940e-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5007F899-36E1-410D-9E82-A62F4A281A57}" = Microsoft Antimalware Service HU-HU Language Pack
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5FA49211-47D3-47C4-9050-684B9972E607}" = ZoneAlarm Firewall
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{642EAFE2-3C9C-42CD-A43D-490DC1249A8A}" = Microsoft Antimalware Service HU-HU Language Pack
"{6850DD2F-1DDC-4438-95DC-03CFBC0405FB}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{733EB793-0840-4D69-97AA-6934FC79DB16}" = Windows Live bejelentkezési segéd
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client HU-HU Language Pack
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{9011040E-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99A98C71-A900-44E7-AD98-70E6368FB4D0}" = Windows Live Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1038-7B44-A94000000001}" = Adobe Reader 9.4.5 - Hungarian
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio
"{E66F3AFD-643B-4001-A3B3-35616CCFECEA}" = Adobe Photoshop CS3
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_6ba4f64693cf3ffde4382ffeebd542f" = Adobe Photoshop CS3
"CCleaner" = CCleaner
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"EVEREST Home Edition_is1" = EVEREST Home Edition v1.51
"FotoMorph" = Digital Photo Software FotoMorph 12.2
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.20
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware 1.51.1.1800 verzió
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 5.0 (x86 hu)" = Mozilla Firefox 5.0 (x86 hu)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero8Lite_is1" = Nero 8 Micro 8.1.1.0
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm Pro" = ZoneAlarm Pro
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011.08.13. 10:05:43 | Computer Name = SZAMITOGEP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8107.0, P3 timeout, P4 1.1.7104.0, P5 fixed, P6 1 _ 512, P7 10 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 2011.08.13. 10:09:39 | Computer Name = SZAMITOGEP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8107.0, P3 timeout, P4 1.1.7104.0, P5 fixed, P6 1 _ 512, P7 10 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 2011.08.13. 12:03:24 | Computer Name = SZAMITOGEP | Source = PerfNet | ID = 2004
Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai
nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van.

Error - 2011.08.14. 3:54:51 | Computer Name = SZAMITOGEP | Source = PerfNet | ID = 2004
Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai
nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van.

Error - 2011.08.14. 4:09:11 | Computer Name = SZAMITOGEP | Source = PerfNet | ID = 2004
Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai
nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van.

Error - 2011.08.14. 4:55:55 | Computer Name = SZAMITOGEP | Source = PerfNet | ID = 2004
Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai
nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van.

Error - 2011.08.14. 7:29:46 | Computer Name = SZAMITOGEP | Source = PerfNet | ID = 2004
Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai
nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van.

Error - 2011.08.14. 7:30:51 | Computer Name = SZAMITOGEP | Source = WmiAdapter | ID = 4099
Description = A szolgáltatás megnyitása sikertelen.

Error - 2011.08.14. 11:21:05 | Computer Name = SZAMITOGEP | Source = PerfNet | ID = 2004
Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai
nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van.

Error - 2011.08.15. 4:28:26 | Computer Name = SZAMITOGEP | Source = PerfNet | ID = 2004
Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai
nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van.

[ System Events ]
Error - 2011.08.14. 4:51:36 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Kiszolgáló) leállt a következő hibával: %%2

Error - 2011.08.14. 4:51:37 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7001
Description = A(z) Számítógép-tallózó szolgáltatás függ a(z) Kiszolgáló szolgáltatástól,
amely a következő hiba miatt nem tudott elindulni: %%2

Error - 2011.08.14. 7:29:45 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Kiszolgáló) leállt a következő hibával: %%2

Error - 2011.08.14. 7:29:45 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7001
Description = A(z) Számítógép-tallózó szolgáltatás függ a(z) Kiszolgáló szolgáltatástól,
amely a következő hiba miatt nem tudott elindulni: %%2

Error - 2011.08.14. 7:30:53 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7009
Description = Várakozó időkorlát (30000 ms) - a(z) WMI teljesítményadapter szolgáltatás
kapcsolódása.

Error - 2011.08.14. 7:30:53 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7000
Description = A szolgáltatás (WMI teljesítményadapter) a következő hiba következtében
leállt: %%1053

Error - 2011.08.14. 11:21:04 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Kiszolgáló) leállt a következő hibával: %%2

Error - 2011.08.14. 11:21:04 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7001
Description = A(z) Számítógép-tallózó szolgáltatás függ a(z) Kiszolgáló szolgáltatástól,
amely a következő hiba miatt nem tudott elindulni: %%2

Error - 2011.08.15. 4:28:25 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Kiszolgáló) leállt a következő hibával: %%2

Error - 2011.08.15. 4:28:25 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7001
Description = A(z) Számítógép-tallózó szolgáltatás függ a(z) Kiszolgáló szolgáltatástól,
amely a következő hiba miatt nem tudott elindulni: %%2


< End of report >


Mon. Aug 15, 2011 10:56

the soul of the forum
Post Re: Virus or what could it be???
Download to the desktop>OTListIt2>> http://oldtimer.geekstogo.com/OTL.exe
-Run it
-Tick
-Scan all users.
-Lop check.
-Purity check.
-in the Extra Registry section>tick>Use SafeList
-in its window -customscan/fixes paste the text-and click RUNSCAN
-after 5-10 minutes it gives a log, post it here
-OTL.txt (will be on the desktop).
-Extras.txt-will be on the tray.

Code:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT


Sun. Aug 14, 2011 18:51
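The `/md5start ... /md5stop` block in the helper's OTL script above makes OTL print a hash for boot-critical files (userinit.exe, winlogon.exe, atapi.sys and the rest), which is how a helper spots a system file that a rootkit has patched: its hash no longer matches the clean Windows build. The script below is an added example, not from the thread and not part of OTL, showing the same check done directly: it extracts the file list from the OTL script text, hashes the matching files under a root directory and compares them with a baseline of known-good digests. The `OTL_SCRIPT` excerpt, the baseline and the sample file tree are constructed for the demo; a real baseline has to come from a clean installation of the same Windows build.

```python
"""Baseline check for the files OTL hashes between /md5start and /md5stop.

Added example (not from the forum thread, not part of OTL). The baseline
and the sample tree built in demo() are constructed for illustration.
"""
import hashlib
import os
import tempfile

# Constructed excerpt of the helper's OTL custom scan (same directives, shorter list).
OTL_SCRIPT = """\
netsvcs
drivers32
/md5start
userinit.exe
winlogon.exe
atapi.sys
/md5stop
%systemroot%\\*. /mp /s
"""


def parse_md5_block(script):
    """Return the file names listed between /md5start and /md5stop."""
    names, inside = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.lower() == "/md5start":
            inside = True
        elif line.lower() == "/md5stop":
            inside = False
        elif inside and line:
            names.append(line)
    return names


def file_digest(path, algo="md5"):
    """Hash a file in chunks; md5 matches what OTL prints, sha256 is stronger."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def locate(root, name):
    """First file under root whose name matches case-insensitively (as Windows does)."""
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower() == name.lower():
                return os.path.join(dirpath, f)
    return None


def check_integrity(root, names, baseline, algo="md5"):
    """Map each listed file to 'ok', 'MISMATCH', 'MISSING' or 'NO-BASELINE'."""
    verdicts = {}
    for name in names:
        path = locate(root, name)
        if path is None:
            verdicts[name] = "MISSING"      # a missing boot-critical file is itself a finding
            continue
        expected = baseline.get(name.lower())
        if expected is None:
            verdicts[name] = "NO-BASELINE"  # nothing to compare against; do not call it clean
            continue
        verdicts[name] = "ok" if file_digest(path, algo) == expected else "MISMATCH"
    return verdicts


def demo():
    """Build a constructed system tree with one patched and one missing file."""
    clean = {"userinit.exe": b"clean userinit",
             "winlogon.exe": b"clean winlogon",
             "atapi.sys": b"clean atapi"}
    baseline = {n: hashlib.new("md5", c).hexdigest() for n, c in clean.items()}
    with tempfile.TemporaryDirectory() as root:
        sys32 = os.path.join(root, "system32")
        drivers = os.path.join(sys32, "drivers")
        os.makedirs(drivers)
        with open(os.path.join(sys32, "userinit.exe"), "wb") as f:
            f.write(clean["userinit.exe"])
        # atapi.sys is "patched": its content differs from the baseline
        with open(os.path.join(drivers, "atapi.sys"), "wb") as f:
            f.write(b"patched atapi")
        # winlogon.exe is deliberately absent from the tree
        return check_integrity(root, parse_md5_block(OTL_SCRIPT), baseline)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```

The digest algorithm defaults to MD5 only so that values line up with what OTL reports; when building your own baseline, pass `algo="sha256"`. A `NO-BASELINE` verdict is deliberately distinct from `ok`: a file you could not compare must not be reported as clean.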

silver member
Post Re: Virus or what could it be???
With Firefox it's the same situation: it opens, but after a few seconds it no longer responds to anything. Every 5-10 minutes I constantly get a message like this:

Malwarebytes' Anti-Malware
Hozzáférés sikeresen blokkolásra került potenciálisan rosszindulató webhelyhez: 64.135.77.30
Tipus: kimenő

On the other hand, my machine has become noticeably faster.


Sun. Aug 14, 2011 17:53
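The post above describes Malwarebytes blocking an outbound connection to the same address every 5-10 minutes. That steady cadence is what an implant calling home looks like, not what a user browsing looks like, and it can be picked out of a block log automatically. The script below is an added example, not from the thread and not Malwarebytes' own code: it groups blocked outbound attempts by destination and flags destinations hit at a near-constant interval. The log lines are constructed in a simplified one-event-per-line layout modelled on the quoted message (timestamp, action, IP, direction), not Malwarebytes' real log format; 64.135.77.30 is the address quoted in the post, the other addresses are RFC 5737 documentation ranges.

```python
"""Periodic outbound-block detector.

Added example (not from the thread, not Malwarebytes code). SAMPLE_LOG is a
constructed log in a simplified format, not the product's real log layout.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

SAMPLE_LOG = """\
2011-08-14 17:02:11 IP-BLOCK 64.135.77.30 outgoing
2011-08-14 17:09:40 IP-BLOCK 64.135.77.30 outgoing
2011-08-14 17:11:05 IP-BLOCK 203.0.113.9 incoming
2011-08-14 17:17:08 IP-BLOCK 64.135.77.30 outgoing
2011-08-14 17:24:31 IP-BLOCK 64.135.77.30 outgoing
2011-08-14 17:31:59 IP-BLOCK 64.135.77.30 outgoing
2011-08-14 17:33:10 IP-BLOCK 198.51.100.7 outgoing
2011-08-14 18:50:00 IP-BLOCK 198.51.100.7 outgoing
"""


def parse_log(text):
    """Return a list of (timestamp, ip, direction) for each well-formed event line."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "IP-BLOCK":
            continue  # skip malformed or unrelated lines instead of crashing
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        events.append((ts, parts[3], parts[4]))
    return events


def find_beacons(events, min_hits=4, max_jitter=0.25):
    """Return {ip: stats} for outbound destinations contacted at a regular interval.

    jitter = population std-dev of the gaps / mean gap. Human-driven traffic
    has large jitter; a timer-driven call-home has very little.
    """
    by_ip = defaultdict(list)
    for ts, ip, direction in sorted(events):
        if direction == "outgoing":          # inbound blocks are a different signal
            by_ip[ip].append(ts)
    findings = {}
    for ip, times in by_ip.items():
        if len(times) < min_hits:            # too few events to call it periodic
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg > 0 else float("inf")
        if jitter <= max_jitter:
            findings[ip] = {"hits": len(times), "mean_interval_s": avg, "jitter": jitter}
    return findings


def analyze_sample():
    """Run the detector over the constructed log."""
    return find_beacons(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for ip, st in analyze_sample().items():
        print(f"{ip}: {st['hits']} blocked outbound attempts, "
              f"every {st['mean_interval_s']:.0f}s (jitter {st['jitter']:.3f})")
```

On the sample, 64.135.77.30 is flagged (five attempts about 447 s apart) while 198.51.100.7, hit twice at an irregular gap, is not. `min_hits` and `max_jitter` are the two knobs to tune against your own logs; loosen `max_jitter` for implants that add random sleep to their interval.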

the soul of the forum
Post Re: Virus or what could it be???
So what's up?? Is there any improvement??? Write and tell me, because I don't have a crystal ball :hm:


Sun. Aug 14, 2011 15:39

silver member
Post Re: Virus or what could it be???
The RogueKiller logs:

RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version
Started in : Safe mode with network support
User: Buci [Admin rights]
Mode: Remove -- Date : 08/14/2011 10:21:28

Bad processes: 0

Registry Entries: 1
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt



-----

RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version
Started in : Safe mode with network support
User: Buci [Admin rights]
Mode: HOSTSFix -- Date : 08/14/2011 10:22:10

Bad processes: 0

HOSTS File:
127.0.0.1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



-----

RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version
Started in : Safe mode with network support
User: Buci [Admin rights]
Mode: ProxyFix -- Date : 08/14/2011 10:22:19

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

-----

RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version
Started in : Safe mode with network support
User: Buci [Admin rights]
Mode: DNSFix -- Date : 08/14/2011 10:22:27

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt



-----

RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version
Started in : Safe mode with network support
User: Buci [Admin rights]
Mode: Shortcuts HJfix -- Date : 08/14/2011 10:25:11

Bad processes: 0

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 6 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 97 / Fail 0
My documents: Success 6 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 701 / Fail 2
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt


Sun. Aug 14, 2011 10:25

silver member
Post Re: Virus or what could it be???
The ComboFix log:

ComboFix 11-08-14.02 - Buci 011.08.14. 10:34:03.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1038.18.511.282 [GMT 2:00]
Running from: c:\documents and settings\Buci\Asztal\ComboFix.exe
Command switches used :: c:\documents and settings\Buci\Asztal\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SP_RSDRV2
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-14 08:51 . 2011-08-14 08:51 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2FEE356-BE7D-4F93-930A-E18318148F18}\MpKsl393531fb.sys
2011-08-13 13:10 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2FEE356-BE7D-4F93-930A-E18318148F18}\mpengine.dll
2011-08-12 19:17 . 2011-08-12 19:17 -------- d-----w- c:\documents and settings\Buci\Application Data\Malwarebytes
2011-08-12 19:17 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-12 19:16 . 2011-08-12 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-12 19:16 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-12 19:16 . 2011-08-12 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-12 09:25 . 2011-08-12 09:25 -------- d-----w- c:\documents and settings\Buci\Downloads
2011-08-10 08:54 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 08:43 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-09 21:17 . 2011-08-09 21:17 -------- d-----w- c:\documents and settings\Buci\Application Data\CheckPoint
2011-08-09 21:16 . 2011-08-09 21:16 -------- d-----w- c:\program files\Conduit
2011-08-09 21:15 . 2011-08-11 11:50 -------- d-----w- c:\documents and settings\Buci\Local Settings\Application Data\ZoneAlarm_Security_Suite
2011-08-09 21:15 . 2011-08-11 11:50 -------- d-----w- c:\documents and settings\Buci\Local Settings\Application Data\Conduit
2011-08-09 21:15 . 2011-08-09 21:16 -------- d-----w- c:\program files\ZoneAlarm_Security_Suite
2011-08-09 21:01 . 2011-08-09 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2011-08-09 21:01 . 2011-08-09 21:05 -------- d-----w- c:\program files\CheckPoint
2011-08-09 19:27 . 2011-08-12 09:34 -------- d-----w- c:\program files\trend micro
2011-08-09 13:38 . 2011-08-13 08:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-08-09 13:33 . 2011-08-09 13:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-08-09 13:32 . 2011-08-09 13:32 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 09:55 . 2011-05-14 16:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 03:39 . 2010-11-06 15:56 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-08 14:02 . 2004-08-18 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-04-14 17:19 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:30 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:30 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:30 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-18 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-28 12:04 . 2011-05-08 05:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-12_15.04.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-14 08:51 . 2011-08-14 08:51 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat
+ 2011-08-13 08:39 . 2011-08-13 08:39 22016 c:\windows\Installer\48bc6.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3CE45C4F-BFFF-4988-9A3C-A75C1F491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-06-16 71824]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-05-30 738944]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:11 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R1 MpKsl393531fb;MpKsl393531fb;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2FEE356-BE7D-4F93-930A-E18318148F18}\MpKsl393531fb.sys [2011.08.14. 10:51 28752]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011.05.30. 13:38 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2011.05.30. 13:39 493184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011.08.12. 21:17 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011.08.12. 21:16 22712]
R3 w89c940;Winbond W89C940 PCI Ethernet adapter illesztőprogram;c:\windows\system32\drivers\w940nd.sys [2009.04.14. 21:15 16925]
S1 MpKsl0c29a34b;MpKsl0c29a34b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{828DFC66-1D78-432E-917D-BD628211CBD2}\MpKsl0c29a34b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{828DFC66-1D78-432E-917D-BD628211CBD2}\MpKsl0c29a34b.sys [?]
S1 MpKsl15defb2b;MpKsl15defb2b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE86A431-6C69-4F3F-AEFE-35B6F278797A}\MpKsl15defb2b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE86A431-6C69-4F3F-AEFE-35B6F278797A}\MpKsl15defb2b.sys [?]
S1 MpKsl19fd8693;MpKsl19fd8693;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DB3EC4A-C852-4F8F-B289-EF0BAFA284FA}\MpKsl19fd8693.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DB3EC4A-C852-4F8F-B289-EF0BAFA284FA}\MpKsl19fd8693.sys [?]
S1 MpKsl2e809b33;MpKsl2e809b33;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B48867F-D46A-4394-9B20-BAE3BD5BB4DB}\MpKsl2e809b33.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B48867F-D46A-4394-9B20-BAE3BD5BB4DB}\MpKsl2e809b33.sys [?]
S1 MpKsl37b02d4c;MpKsl37b02d4c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AFC08C25-520E-4BD7-BB12-A3C3962D07E9}\MpKsl37b02d4c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AFC08C25-520E-4BD7-BB12-A3C3962D07E9}\MpKsl37b02d4c.sys [?]
S1 MpKsl3f652946;MpKsl3f652946;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl3f652946.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl3f652946.sys [?]
S1 MpKsl480d34f2;MpKsl480d34f2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53BB5AD-F951-421C-90A7-90C735C2CEEB}\MpKsl480d34f2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53BB5AD-F951-421C-90A7-90C735C2CEEB}\MpKsl480d34f2.sys [?]
S1 MpKsl5d15a75e;MpKsl5d15a75e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2FEE356-BE7D-4F93-930A-E18318148F18}\MpKsl5d15a75e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2FEE356-BE7D-4F93-930A-E18318148F18}\MpKsl5d15a75e.sys [?]
S1 MpKsl6f5d6229;MpKsl6f5d6229;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB4ABD46-B3CB-4C03-BAC3-F1502C029CDB}\MpKsl6f5d6229.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB4ABD46-B3CB-4C03-BAC3-F1502C029CDB}\MpKsl6f5d6229.sys [?]
S1 MpKsl889ababc;MpKsl889ababc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsl889ababc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsl889ababc.sys [?]
S1 MpKsl8acb86c7;MpKsl8acb86c7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl8acb86c7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl8acb86c7.sys [?]
S1 MpKsl8f16cb61;MpKsl8f16cb61;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07383701-C80F-4861-B4B5-08B201A42636}\MpKsl8f16cb61.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07383701-C80F-4861-B4B5-08B201A42636}\MpKsl8f16cb61.sys [?]
S1 MpKsl967d1f4c;MpKsl967d1f4c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl967d1f4c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl967d1f4c.sys [?]
S1 MpKsl9d929b10;MpKsl9d929b10;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69CB7236-1F6A-4218-98EF-DE22D418D325}\MpKsl9d929b10.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69CB7236-1F6A-4218-98EF-DE22D418D325}\MpKsl9d929b10.sys [?]
S1 MpKslcc13e5ed;MpKslcc13e5ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B42127DA-979D-4782-B5D6-D938B159D65F}\MpKslcc13e5ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B42127DA-979D-4782-B5D6-D938B159D65F}\MpKslcc13e5ed.sys [?]
S1 MpKsld7ee844b;MpKsld7ee844b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33E059AB-571B-4E45-B7E6-A1E1495D0E2F}\MpKsld7ee844b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33E059AB-571B-4E45-B7E6-A1E1495D0E2F}\MpKsld7ee844b.sys [?]
S1 MpKsle565bb83;MpKsle565bb83;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsle565bb83.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsle565bb83.sys [?]
S1 MpKsle66e30f7;MpKsle66e30f7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A5A050A-63F3-4D46-BA5A-DEBD984CA5D9}\MpKsle66e30f7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A5A050A-63F3-4D46-BA5A-DEBD984CA5D9}\MpKsle66e30f7.sys [?]
S1 MpKsledab6ba5;MpKsledab6ba5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBB53815-0B13-432B-A6AD-2AEC39BD595F}\MpKsledab6ba5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBB53815-0B13-432B-A6AD-2AEC39BD595F}\MpKsledab6ba5.sys [?]
S1 MpKslf3edb394;MpKslf3edb394;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72673709-5B85-476C-B0F0-46F43E5CA58A}\MpKslf3edb394.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72673709-5B85-476C-B0F0-46F43E5CA58A}\MpKslf3edb394.sys [?]
S1 MpKslf80a10ca;MpKslf80a10ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D4675B4-F95A-4C65-8D74-215C84FD4C92}\MpKslf80a10ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D4675B4-F95A-4C65-8D74-215C84FD4C92}\MpKslf80a10ca.sys [?]
S2 gupdate;Google frissítési szolgáltatás (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011.08.09. 15:32 136176]
S3 gupdatem;Google frissítés Szolgáltatás (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011.08.09. 15:32 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL393531FB
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-09 13:32]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-09 13:32]
.
2011-08-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
2011-08-14 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hu/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download All using 4shared Desktop - d:\letöltések\Új mappa\4shared Desktop\down_all.htm
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.147.80.30 195.56.172.157
FF - ProfilePath - c:\documents and settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=hu
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-14 10:52
Windows 5.1.2600 Szervizcsomag 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(496)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(552)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3272)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2011-08-14 11:10:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-14 09:09
ComboFix2.txt 2011-08-12 15:12
.
Pre-Run: 5 973 786 624 bájt szabad
Post-Run: 5 921 320 960 bájt szabad
.
- - End Of File - - 5AD1668C5D41C03C30C29CABEF475E56


Sun. Aug 14, 2011 10:21

the soul of the forum
Post Re: Virus or what could it be???
1: Restart the computer into Safe Mode with Networking.
a:) When the computer starts, press F8 and hold it down.
b:) F8 must be pressed before the Windows logo appears.
c:) If the Windows logo appears, restart the computer and repeat F8 again.
d:) On the screen, use the arrow keys to highlight the desired option, Safe Mode with Networking, then press ENTER.


Sat. Aug 13, 2011 17:23

silver member
Post Re: Virus or what could it be???
How do I get into safe mode with networking?
(ZoneAlarm is working again now)


Sat. Aug 13, 2011 17:13

the soul of the forum
Post Re: Virus or what could it be???
No need to wait for hours; if it hasn't finished running after about 20-30, then write.

Yes, Malwarebytes blocks a great many harmful IP addresses.

Go into safe mode with networking.
Download RogueKiller to the desktop
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
Run it>>press the number 2 on the keyboard, then Enter>. It gives a log, post it here; then run it again, press number 3 and Enter< post the log here; then do the same with numbers 4, 5, 6 and post the logs here.
And now here, in safe mode, do the script again with ComboFix as I described; post the log here.


Sat. Aug 13, 2011 15:36