nincsen mit
udv

Következő ujrainditásnál már nem írt hibaüzenetet, és semmiféle hibát nem észlekek, ugyhogy ugyancsak megköszönni tudom a segítségedet

en nemtudom hogy mi mindent toroltel a CCleaneral,,a haladot nemszabad bantani,,ha nemtudod kerdezni kell,es azt se tudom hogy milyen programot keres a windows,nemirod,

Lefuttattam a CCleanert és azt a mailware írtót. CCleaner talált 1GB nyi szemetet, azt törölte, a mailware irtó nem talált semmit. Este újra bekapcsoltam a gépet, ere azt írja, hogy nem találja a C:\Program fájlt, leokézom, de betölt a rendszer. Ötlet esetleg, hogy mi ez?

ha a gep renben van mar nem kel nekem semi log
udv
nincsen mit koszonod

rendben innentől megy. Köszönöm szépen az eddigi segítségedet, azt a maradék logolt meg még postolom!

1:combofix-nemmuszaj kikapcsolni eleg le ok-ezni,
2:job klik sajat gep-tulalydonsaga-FUL-rendszerviszaalitas-bepipazni,,kikapcsolni a rendszer viszaalitasat minden meghalyton,,ok,hasznalni-restart a restart utan aztan kiveni a pipat ,,ok
enyi az egesz,

Pontosítok: 2pont-->rendszervisszaállítással mit kéne csinálnom?

a combfix uninstalljánál is ki kell kapcsolni a tüzfalat iletve a vírusirtót, mert nekem azt kéri.

a 2. pontot pedig tudnád részletezni, mert nem egészen értem(laikus vagyok)

ok,start futatas beirod combofix /uninstall ok
kikapcsolni a rendszer viszaalitasat-restart es bekapcsolni visza,,
Kipucolni a gepet CCleaneral
Lefutatni a MALWAREBYTES programot,,tellyes skan,,a logot torles elot ide tenni,
http://www.download.com/Malwarebytes-An ... tag=button

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

http://www2.gmer.net/mbr/mbr.exe
tolds le az asztalra =futasd rogton ad logot ted ide,,
es meglasuk,

Lefuttattam a Comfixet, mondjuk nem indult újra a gép, de kiadta ezt: log.txt

ComboFix 09-11-06.03 - Hahner Krisztián 009.11.07. 15:53.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.1023.719 [GMT 1:00]
Running from: f:\programok\Logger\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091107-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-07 14:13 . 2009-11-07 14:13 -------- d--h--w- c:\windows\$hf_mig$
2009-11-07 12:55 . 2009-11-07 12:57 -------- d-----w- c:\program files\trend micro
2009-11-07 12:55 . 2009-11-07 12:57 -------- d-----w- C:\rsit
2009-11-07 11:54 . 2009-11-07 12:55 -------- d-----w- c:\program files\Browser Hijack Recover
2009-11-06 23:40 . 2009-11-06 23:53 -------- d-----w- c:\program files\RegCure
2009-11-04 20:44 . 2009-11-04 19:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-04 19:39 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-04 19:39 . 2009-11-04 19:38 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-04 19:37 . 2009-11-04 19:37 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-04 19:37 . 2009-11-04 19:37 640608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-04 19:37 . 2009-11-04 19:37 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-04 19:37 . 2009-11-04 19:37 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-04 19:37 . 2009-11-04 19:37 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-04 19:37 . 2009-11-04 19:37 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-04 19:37 . 2009-11-04 19:37 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-04 19:32 . 2009-11-04 19:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-04 19:32 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-04 19:31 . 2009-11-04 19:31 -------- d-----w- c:\program files\Lavasoft
2009-11-04 13:01 . 2009-11-04 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 15:57 . 2008-10-09 17:20 597 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-11-05 14:36 . 2009-09-17 13:25 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-04 19:29 . 2008-07-05 08:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-04 15:47 . 2008-07-05 08:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-04 15:06 . 2009-02-27 16:01 -------- d-----w- c:\program files\DivX
2009-11-04 13:22 . 2003-04-25 12:00 73652 ----a-w- c:\windows\system32\perfc00E.dat
2009-11-04 13:22 . 2003-04-25 12:00 331686 ----a-w- c:\windows\system32\perfh00E.dat
2009-10-04 19:44 . 2008-12-24 15:19 118407 -c--a-w- c:\windows\War3Unin.dat
2009-09-17 18:31 . 2009-09-17 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-09-17 13:14 . 2009-09-17 13:13 -------- d-----w- c:\program files\Windows Live
2009-09-17 13:14 . 2009-09-17 13:14 -------- d-----w- c:\program files\Microsoft
2009-09-16 18:57 . 2009-09-16 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2009-09-16 17:37 . 2009-09-16 17:37 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-17 16:10 . 2008-07-05 08:53 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-07-05 08:53 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-07-05 08:53 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-07-05 09:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-07-05 09:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-07-05 08:53 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-07-05 08:53 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-07-05 08:53 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-07-05 08:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-11 12:31 . 2009-08-11 12:31 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Games\\Warcraft III\\war3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8324:TCP"= 8324:TCP:BitComet 8324 TCP
"8324:UDP"= 8324:UDP:BitComet 8324 UDP
"1513:UDP"= 1513:UDP:Garena
"1513:TCP"= 1513:TCP:Garena

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009.11.04. 20:39 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008.07.05. 10:05 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007.04.26. 9:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007.04.26. 9:21 72624]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008.07.05. 10:05 20560]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007.04.26. 9:21 1234480]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009.08.06. 14:58 36608]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\HAHNER~1\LOCALS~1\Temp\GBZ63.tmp --> c:\docume~1\HAHNER~1\LOCALS~1\Temp\GBZ63.tmp [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009.09.24. 12:17 1179232]
S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2009.06.24. 14:59 18816]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:37]

2009-11-07 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 23:40]

2009-11-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 23:40]
.
.
------- Supplementary Scan -------
.
uWindow Title =
mWindow Title =
FF - ProfilePath - c:\documents and settings\Hahner Krisztián\Application Data\Mozilla\Firefox\Profiles\jarzpe74.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.startlap.hu/

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 16:02
Windows 5.1.2600 Szervizcsomag 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867C71F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x867c71f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\HAHNER~1\LOCALS~1\Temp\GBZ63.tmp"
.
Completion time: 2009-11-07 16:05
ComboFix-quarantined-files.txt 2009-11-07 15:05

Pre-Run: 1 883 344 896 bájt szabad
Post-Run: 1 854 951 424 bájt szabad

- - End Of File - - D7299DCA893ACA3E4FDAF5C6D32FA68C

nem futasd a combofixet ugy ahogy leirtam es a loglyat ted ide,

Ja, és csak msot tünt fel, nem jött elő a hibaüzenet? Ezzel meg lenne oldva a probléma?

Feltettem a foltot, restart is megvolt

olvasd a Terminal linket amit az elelyen adtam,,az Otmoveit ok,,azt a foltot fel kel telepitened

Ennek ellenére futtassam a Combfixet?

Lefuttattam az OTMOVEIT-ot, de nem adott logot, vmi hibaüzenetet írt, hogy nem talál valamit, és hogy ezzel nem stimmel valami: MS08-067

Aztán erre az oldalra dobott: http://www.microsoft.com/technet/securi ... 8-067.mspx

netkapcsolatot nemkel kikapcsolni a tuzfalat es a AV-pajzat igen,,de ha megis a combofix kiabalna a virusirtora kel ignoralni es klik ok,

Combfixhez a netkapcsolatot, a vírusírtót(avast) és a tűzfalat(keriopersonafirewall) is kapcsoljam ki?

az OTMOVEIT logja itt van, a többit még futtatom:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61757cbc-88af-11de-936d-000ea6b0aa1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61757cbc-88af-11de-936d-000ea6b0aa1b}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61757cbd-88af-11de-936d-000ea6b0aa1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61757cbd-88af-11de-936d-000ea6b0aa1b}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79d516ac-3fd8-11de-927b-000ea6b0aa1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79d516ac-3fd8-11de-927b-000ea6b0aa1b}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d90e8532-da71-11dd-9149-000ea6b0aa1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d90e8532-da71-11dd-9149-000ea6b0aa1b}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Hahner Krisztián
->Temp folder emptied: 1211482745 bytes
->Temporary Internet Files folder emptied: 7631349 bytes
->Java cache emptied: 942789 bytes
->FireFox cache emptied: 96542237 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3214163 bytes
%systemroot%\System32 .tmp files removed: 2855 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_658.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 1288763 bytes
RecycleBin emptied: 3530 bytes

Total Files Cleaned = 1259,97 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.0.0.6 log created on 11072009_143304

Files moved on Reboot...
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_658.dat not found!

Registry entries deleted on Reboot...

eloszor az OTMOVEIT,,
aztan eleg eztet,lefutatnod ad logot ted ide
http://download.viry.cz/removers/FixDownadup.exe
utana a combofixet,

Szóval csináljak meg mindent ami a link alatt van?

"Arrow folytatod evel:
http://forum.terminal.hu/viewtopic.php?p=922651#922651
a Comficker kiolese,,bekapcsolni a gephez az Pendrivat,Flasht,Usb kulcsot "

letoltodaz OTMOVEIT3 programot,,a balablakba masold be a zold textet es klik MOVEIT,a logot restart utan ted ide
http://oldtimer.geekstogo.com/OTM.exe

folytatod evel:
http://forum.terminal.hu/viewtopic.php?p=922651#922651
a Comficker kiolese,,bekapcsolni a gephez az Pendrivat,Flasht,Usb kulcsot

Az első:

info.txt logfile of random's system information tool 1.06 2009-11-07 13:57:10

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Canon PhotoRecord-->MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP2000-->C:\WINDOWS\system32\CNMCP66.exe "-PRINTERNAMECanon PIXMA iP2000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP2000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP2000 Installer\Inst2\cnmi040e.dll"
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
Garena-->E:\Games\Warcraft III\Garena\uninst.exe
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
jetAudio Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0xe -removeonly
Kani Warcraft III patch-->"C:\WINDOWS\Kani Warcraft III patch\uninstall.exe" "/U:E:\Games\Warcraft III\Uninstall\uninstall.xml"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office XP Professional és FrontPage-->MsiExec.exe /I{9028040E-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_hun.exe
Nokia PC Suite-->MsiExec.exe /I{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}
Nokia Software Updater-->MsiExec.exe /X{9F59C3AE-81B0-4EF6-9762-D674BB079705}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
PENTAX USB DISK Device-->MsiExec.exe /X{AEE9ABDF-CFFD-4CC2-8519-E8ECEB5A2AAF}
RegCure 1.5.0.0-->C:\Program Files\RegCure\uninst.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
Samsung New PC Studio USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe" -runfromtemp -l0x040e -removeonly
Samsung New PC Studio USB Driver Installer-->MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612}
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SimCity 3000 Unlimited-->C:\WINDOWS\IsUninst.exe -f"d:\sim city 3000\DeIsL1.isu" -c"d:\sim city 3000\_UnInstall.dll"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Sunbelt Personal Firewall-->MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870}
Tauri WoW Szerver beállítások-->D:\World of Warcraft\TauriWoW_Uninst.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Settlers IV-->C:\WINDOWS\IsUninst.exe -f"f:\games\settlers 4 gold edition\Uninst.isu" -c"f:\games\settlers 4 gold edition\BBINST.DLL"
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows illesztőprogram-csomag - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Windows illesztőprogram-csomag - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
Windows illesztőprogram-csomag - Nokia Modem (05/22/2008 3.-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows illesztőprogram-csomag - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows illesztőprogram-csomag - Nokia Modem (06/01/2009 4.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_C08496D7A0050438DFE13C55799AE2D4157A8E7A\nokia_bluetooth.inf
Windows illesztőprogram-csomag - Nokia Modem (06/01/2009 7.01.0.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_9C48E34C57B7D4AAE5FFF5FB9B476B538394FD30\nokbtmdm.inf
Windows illesztőprogram-csomag - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{5D63D27F-09D7-4420-9479-DD247CC31496}
Windows Live Messenger-->MsiExec.exe /X{6D431157-ED9D-4AB1-A2C9-1FAA0A04419F}
WinRAR archiváló-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe
YouTube Downloader 2.5.3-->"C:\Program Files\YouTube Downloader\uninstall.exe"

======Hosts File======

87.229.98.104 launcher.worldofwarcraft.com
87.229.98.104 status.wow-europe.com

======Security center information======

AV: avast! antivirus 4.8.1351 [VPS 091106-2]
FW: Sunbelt Personal Firewall

======System event log======

Computer Name: HAHNER-I6ZRLAHD
Event Code: 10
Message: Ez a meghajtó valószínűleg nem támogatja a digitális hanglejátszást.

Record Number: 16106
Source Name: redbook
Time Written: 20091018210419.000000+120
Event Type: információ
User:

Computer Name: HAHNER-I6ZRLAHD
Event Code: 6005
Message: Az Eseménynapló szolgáltatás elindult.

Record Number: 16105
Source Name: EventLog
Time Written: 20091018210404.000000+120
Event Type: információ
User:

Computer Name: HAHNER-I6ZRLAHD
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Szervizcsomag 2 Uniprocessor Free.

Record Number: 16104
Source Name: EventLog
Time Written: 20091018210404.000000+120
Event Type: információ
User:

Computer Name: HAHNER-I6ZRLAHD
Event Code: 6006
Message: Az Eseménynapló szolgáltatás leállt.

Record Number: 16103
Source Name: EventLog
Time Written: 20091018101335.000000+120
Event Type: információ
User:

Computer Name: HAHNER-I6ZRLAHD
Event Code: 20159
Message: A felhasználó (hahner@t-online.hu) által a következővel létesített kapcsolat bontva lett: DSL Connection (használt eszköz: PPPoE6-0).

Record Number: 16102
Source Name: RemoteAccess
Time Written: 20091018101329.000000+120
Event Type: információ
User:

=====Application event log=====

Computer Name: HAHNER-I6ZRLAHD
Event Code: 100
Message: wuauclt (4008) A(z) 5.01.2600.2180 adatbázismotor elindult.

Record Number: 9639
Source Name: ESENT
Time Written: 20090725111748.000000+120
Event Type: információ
User:

Computer Name: HAHNER-I6ZRLAHD
Event Code: 0
Message:
Record Number: 9638
Source Name: ServiceLayer
Time Written: 20090725111709.000000+120
Event Type: információ
User:

Computer Name: HAHNER-I6ZRLAHD
Event Code: 1800
Message: A Windows Biztonsági központ szolgáltatása elindult.

Record Number: 9637
Source Name: SecurityCenter
Time Written: 20090725111702.000000+120
Event Type: információ
User:

Computer Name: HAHNER-I6ZRLAHD
Event Code: 101
Message: MsnMsgr (1976) Az adatbázismotor leállt.

Record Number: 9636
Source Name: ESENT
Time Written: 20090725003858.000000+120
Event Type: információ
User:

Computer Name: HAHNER-I6ZRLAHD
Event Code: 103
Message: MsnMsgr (1976) \\.\C:\Documents and Settings\Hahner Krisztián\Local Settings\Application Data\Microsoft\Messenger\hahner.dori@hotmail.com\SharingMetadata\Working\database_9024_64A8_2464_92D0\dfsr.db: Az adatbázismotor leállított egy példányt: 0.

Record Number: 9635
Source Name: ESENT
Time Written: 20090725003858.000000+120
Event Type: információ
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------


Illetve második:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Hahner Krisztián at 2009-11-07 13:55:31
Microsoft Windows XP Professional Szervizcsomag 2
System drive C: has 750 MB (7%) free of 10 GB
Total RAM: 1023 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:05, on 2009.11.07.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
F:\Programok\Logger\RSIT.exe
C:\Program Files\trend micro\Hahner Krisztián.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
R3 - Default URLSearchHook is missing
O1 - Hosts: 87.229.98.104 launcher.worldofwarcraft.com
O1 - Hosts: 87.229.98.104 status.wow-europe.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52A79A97-CAD5-4DAE-8C8A-7E339BAE857E}: NameServer = 84.2.44.1 84.2.46.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 4862 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoBandCustomize"=0
"NoToolbarCustomize"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoBandCustomize"=
"NoToolbarCustomize"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Disabled:Sunbelt Firewall GUI"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\Sim City 3000\Apps\Updater\UPDATER.EXE"="D:\Sim City 3000\Apps\Updater\UPDATER.EXE:*:Enabled:SC3UpdaterMFC"
"D:\Setlers IV\Exe\s4_main.exe"="D:\Setlers IV\Exe\s4_main.exe:*:Disabled:s4_main"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"D:\World of Warcraft\BackgroundDownloader.exe"="D:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader"
"D:\Warcraft III\Garena.exe"="D:\Warcraft III\Garena.exe:*:Enabled:Garena"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"E:\Games\Warcraft III\war3.exe"="E:\Games\Warcraft III\war3.exe:*:Enabled:Warcraft III"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61757cbc-88af-11de-936d-000ea6b0aa1b}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL s.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61757cbd-88af-11de-936d-000ea6b0aa1b}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL s.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79d516ac-3fd8-11de-927b-000ea6b0aa1b}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL s.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d90e8532-da71-11dd-9149-000ea6b0aa1b}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


======List of files/folders created in the last 1 months======

2009-11-07 13:55:33 ----D---- C:\Program Files\trend micro
2009-11-07 13:55:31 ----D---- C:\rsit
2009-11-07 12:54:47 ----D---- C:\Program Files\Browser Hijack Recover
2009-11-07 00:40:03 ----D---- C:\Program Files\RegCure
2009-11-07 00:30:57 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2009-11-06 14:39:22 ----D---- C:\Documents and Settings\Hahner Krisztián\Application Data\Uniblue
2009-11-04 21:44:54 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-11-04 20:32:45 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-04 20:31:40 ----D---- C:\Program Files\Lavasoft
2009-11-04 17:06:42 ----D---- C:\Documents and Settings\Hahner Krisztián\Application Data\runic games
2009-11-04 16:32:50 ----D---- C:\Documents and Settings\Hahner Krisztián\Application Data\WinRAR
2009-11-04 16:31:09 ----D---- C:\Program Files\WinRAR
2009-11-04 14:18:11 ----SHD---- C:\Config.Msi
2009-11-04 14:01:45 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip

======List of files/folders modified in the last 1 months======

2009-11-07 13:57:02 ----A---- C:\WINDOWS\wincmd.ini
2009-11-07 13:55:35 ----D---- C:\WINDOWS\Prefetch
2009-11-07 13:55:33 ----RD---- C:\Program Files
2009-11-07 13:28:29 ----D---- C:\Program Files\Mozilla Firefox
2009-11-07 12:54:57 ----D---- C:\WINDOWS\system32
2009-11-07 12:45:11 ----D---- C:\WINDOWS\Temp
2009-11-07 01:05:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-07 00:40:25 ----SD---- C:\WINDOWS\Tasks
2009-11-05 17:26:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-05 17:12:29 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-05 15:36:44 ----D---- C:\Program Files\Messenger Plus! Live
2009-11-04 20:41:35 ----D---- C:\WINDOWS
2009-11-04 20:39:33 ----D---- C:\WINDOWS\system32\drivers
2009-11-04 20:39:32 ----HD---- C:\WINDOWS\inf
2009-11-04 20:39:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-04 20:32:45 ----SHD---- C:\WINDOWS\Installer
2009-11-04 20:30:30 ----D---- C:\WINDOWS\WinSxS
2009-11-04 20:29:21 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-04 18:53:44 ----D---- C:\Documents and Settings\Hahner Krisztián\Application Data\uTorrent
2009-11-04 18:38:16 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-04 16:47:29 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-04 16:06:25 ----D---- C:\Program Files\DivX
2009-11-04 14:22:18 ----D---- C:\WINDOWS\system32\mui
2009-11-04 14:22:14 ----D---- C:\Program Files\Internet Explorer
2009-11-04 14:20:50 ----RSD---- C:\WINDOWS\assembly
2009-11-03 18:47:59 ----A---- C:\WINDOWS\win.ini
2009-10-25 08:28:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-19 18:38:10 ----HD---- C:\BJPrinter
2009-10-10 12:09:08 ----SD---- C:\Documents and Settings\Hahner Krisztián\Application Data\Microsoft
2009-10-10 11:10:45 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 intelppm;Intel processzor illesztőprogramja; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 40320]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-07-29 278728]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-07-29 25416]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-26 25280]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 rtl8139;Realtek RTL8139(A/B/C) alapú PCI gyors Ethernet-adapter NT illesztőprogramja; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-08-12 578368]
R3 usbehci;Microsoft USB 2.0 bővített állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB szabványos hub-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB univerzális állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 a9jx2v0q;a9jx2v0q; C:\WINDOWS\system32\drivers\a9jx2v0q.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\HAHNER~1\LOCALS~1\Temp\GBZ63.tmp []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER osztály; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-képolvasó illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-04 1179232]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]

-----------------EOF-----------------

Udv
ez a log rosz csinally logot az RSIT programbol -letoltod-futatod,klik continue a kis ido mulva ad 2-logot,egyet az asztalra egyet a talcara mind a 2-tot ted ide
http://images.malwareremoval.com/random/RSIT.exe

Hali, egy olyan problémám lenne, hogy mikor elindul a Windows ezt írja ki: Msascui.exe (0xc0000135) alkalmazás hiba, az initializálás sikertelen. Utánajártam, elvileg a reg fájlok kavarnak valamit be, lefuttattam a Regcuret, az talált egy csomó hibát, de javította, ám a probléma még mindig fenn áll. Nem értek hozzá túlságosan, csak egyszerű felhasználó vagyok, annyit sikerült kiderítenem, hogy a Hijack-et kéne futtatni, igy megtettem és itt a logja, nem tudom, hogy így jó e:

Logfile of Browser Hijack Recover(BHR) v2.3
http://www.browser-hijack.com/
Log created on 2009.11.07. 13-28-13
Microsoft Windows XP Professional Szervizcsomag 2 (Build 2600)
Internet Explorer v6.0.2900.2180 Update Versions: ;SP2;

[Process Manager] - [Process]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Browser Hijack Recover\bhr.exe

[IE Options] - [Normal]
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/windows/ie_intl/en/start/
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Window Title =

[IE Options] - [IE Menu]

[IE Options] - [Internet Options]

[IE Options] - [IE Search Hooks]

[IE Add-Ons] - [Toolbars]

[IE Add-Ons] - [Explorer Bars]

[IE Add-Ons] - [Context Menu]

[IE Add-Ons] - [BHOs]
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[IE Add-Ons] - [Tools Menu]
O9 - Extra "Tool" Menu Item: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra "Tool" Menu Item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

[IE Add-Ons] - [Tools Button]
O9 - Extra "Tool" Menu Item: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

[System Options]

[StartUp]
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe