Off:@Laci_L
Már megint szétoffounk egy topikot?
kitácsértosodott=kigatyásodott,elrenyhült,kibővült mint a...
Igaz,hogy nincs sem a Magyar Értelmezőben,sem a Bakosban,de azért mégis gyakrabban használatos mint a Tácsértos vihornya ..

végigment a vizsgálat, újraindulás után kiírta, hogy a kötet tiszta, aztán betöltött a Windows

Off:

Hinnye. Egérre ezt még nem hallottam.
Tácsértos vihornya-ról már igen, de ezt nem Információtechnkai viszonylatban.
Sőt: nagyon nem.

start>futatas>beirod cmd ok
es a fekete ablakba beirod
chkdsk /f/r [enter]>>majd ir hogy a restart utan,tehat restartolod es hagyod a gepet hogy kontrolaja le a merev lemezet,

hová kell ezt a parancsot beírni?

egyébként laptopról van szó...

igazad van nacorvus,en is ezen gondolkoztam hogy cserelje le az egeret,at vizsgalni a lemezet a Chkdsk /f/r parancsal,

Hasonló hiba nálam akkor volt,amikor az egér sz*rakodott: a középső görgőn (ami ráadásul kattintós is)a gumi kitácsértosodott és hol a jobb hol a bal gombot éppen annyira birizgálta,hogy használhatatlan legyen a szöveg szerkesztésére

oké, én ugyan nem sürgetlek, örülök, hogy egyáltalán eddig is foglalkoztál a problémámmal

fogog gondolkozni rajta,ma mar nemakaradzik,majd holnap,ok,

filmnél nem volt gond, zenét még nem próbáltam

viszont ha pl. az internet explorerben használom a gördítősávot, akkor nem szépen folyamatosan gördül a kép, hanem szaggat... ilyen egyéb jellegű tapasztalatom van eddig

hm,ez igen erdekes dolog,,olyan mintha kesve reagalna a gep,,
es nem lassu a gep..zene,video,film nezesebe??

teljesen véletlenszerűen
szeretnék például valahová beszúrni egy betűt, erre a kurzor utáni eltűnik, vagy ha olyan kedve van, akkor nem egyet töröl, hanem többet, úgy változó pillanatokban
van, amikor csendben van pár percig, de van, hogy megy egyfolytában a delete, bootoláskor ez jól érzékelhető, ha vinnyog a gép

tavaly, amikor már nagyon beindult, szinte folyamatosan ment a delete, kijelöltem egy fájlt, feljött az ablak, hogy törlöm-e, rákattintottam, hogy nem, aztán mielőtt bármi másra kattinthattam volna, megint feljött az ablak, és így tovább... ekkor jött az újratelepítés

most még nem olyan durva, mint akkor volt, de így is nagyon idegesítő, mert a legrosszabb pillanatokban kezd rá

eSafe n=Hamis detekcio,ez a virus kereso mindenut virust talal,
es hogy jelenik meg ez a torles??mikor pontos idokbe??

semmit nem talált továbbra sem

viszont

a virustotalon megvizsgáltattam az atapi.sys fájlt, és a 40 programból egy (eSafe nevezetű) Win32.Rootkit-et hoz ki

most mit tegyek?

hm,igen ez lehet ahogy elob irtam valami.bat szemet ami nem is virus de torol,probalj a keresesbe beteni .bat,hogy talal e valamit,
Edit/
Szinten Boldog Ujevet kivanok,

Pár órás scan után közölte a cureit, hogy nem talált az égvilágon semmit. :S
Mindent úgy csináltam, ahogy írtad.

<--- egyébként

BOLDOG ÚJ ÉVET KÍVÁNOK! --->

nem,ugy nezem hogy az atapi.sys,megvan fertozve,vagy hakolva,
ma mar nemajarodzik,de majd holnap kicserelhetjuk,ha kedved van futasd a Cureit antivirust,ha kinyilik,megvevesre csak ignoralni bezarni es futatod tovab,amit talal gyogyitani,csinalj logot a vegen a FILE-Ful alat van,it csinalhatol logot.
tehat letoltod az asztalra
egyelore nefutasd
lemegy csokentet modba
es it futatod
lefut egy rovid skan,levizsgalja a boot,ami a MEMBE fut,aztan a rovid skan utan futatod a teljes skant,
DrWeb-CureIt

a gmer ezt hozta ki

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-31 21:18:31
Windows 5.1.2600 Szervizcsomag 3
Running: gmer.exe; Driver: C:\DOCUME~1\JUHSZB~1\LOCALS~1\Temp\kweyrpog.sys


---- System - GMER 1.0.15 ----

SSDT spip.sys ZwCreateKey [0xF7D9B0E0]
SSDT spip.sys ZwEnumerateKey [0xF7DB9CA2]
SSDT spip.sys ZwEnumerateValueKey [0xF7DBA030]
SSDT spip.sys ZwOpenKey [0xF7D9B0C0]
SSDT spip.sys ZwQueryKey [0xF7DBA108]
SSDT spip.sys ZwQueryValueKey [0xF7DB9F88]
SSDT spip.sys ZwSetValueKey [0xF7DBA19A]

INT 0x3E ? 82B6ABF8
INT 0x3F ? 82B6ABF8

---- Kernel code sections - GMER 1.0.15 ----

? spip.sys A rendszer nem találja a megadott fájlt. !
.text USBPORT.SYS!DllUnload F789A8AC 5 Bytes JMP 829631D8
.text akaboh4w.SYS F7823386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text akaboh4w.SYS F78233AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text akaboh4w.SYS F78233C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text akaboh4w.SYS F78233C9 1 Byte [2E]
.text akaboh4w.SYS F78233C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1548] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405A541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 40679865 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4066CEE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4067D6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 405E4602 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4077441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40774351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407743BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40774222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 40774284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 40774482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407742E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 4067D748 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2896] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 407747A0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405A541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4067D6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4077441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40774351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407743BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40774222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 40774284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 40774482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3040] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407742E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82B6D5E0
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7DCCC4C] spip.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7DCCCA0] spip.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7D9C040] spip.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7D9C13C] spip.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7D9C0BE] spip.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7D9C7FC] spip.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7D9C6D2] spip.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7DAC048] spip.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 829632D8
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!RtlInitUnicodeString] F44D8B48
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!swprintf] C1815753
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeSetEvent] 00002590
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 467C8D51
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 76F6E84A
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] D88BFFFF
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8504C483
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 5F0A75DB
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 5B08438D
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!MmUnmapIoSpace] 5DE58B5E
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 259068C3
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IofCompleteRequest] 006A0000
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 88F0E853
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IofCallDriver] 558DFFFF
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 90838DF8
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 52000025
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoConnectInterrupt] 03895750
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoDetachDevice] FFF363E8
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeWaitForSingleObject] 0C458AFF
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeInitializeEvent] 8B104D8B
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeCancelTimer] 43881855
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 1C458B08
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!RtlInitAnsiString] 0F544389
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 89FF45B6
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoQueueWorkItem] 4D8B0C4B
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!MmMapIoSpace] 50538920
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 8924558B
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoReportDetectedDevice] 5389584B
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0A43885C
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0646B60F
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!NlsMbCodePageTag] A818C483
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8D7F743F
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001A8C8B
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0835100
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!sprintf] 7E8D503F
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] B9E85728
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!ObfDereferenceObject] 0F0000D1
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 8D0646B6
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001B8093
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!ZwClose] E0835200
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E857503F
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 0000EBB4
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 026B938D
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!PoStartNextPowerIrp] C6830000
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoCreateDevice] 0008B908
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!RtlCopyUnicodeString] FA8B0000
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 758BA5F3
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 064E8A08
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!ZwOpenKey] 883FE180
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 0002688B
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoStartTimer] 06468A00
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeInitializeTimer] 8306E8C0
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoInitializeTimer] 023C18C4
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeInitializeDpc] 02698388
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeInitializeSpinLock] 19750000
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoInitializeIrp] 028C838D
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!ZwCreateKey] 52500000
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 00C143E8
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 08C48300
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!ZwSetValueKey] 0575C085
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeInsertQueueDpc] EB08708D
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 074E8A54
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoStartPacket] 026A8B88
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 83660000
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 7601487E
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoFreeMdl] 4AC68305
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!MmUnlockPages] F63302EB
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5614558B
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 75E85352
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 8BFFFFF4
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 0CC483F0
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeSynchronizeExecution] 2075F685
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoStartNextPacket] 050C7D80
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeBugCheckEx] 0092850F
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 458B0000
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeSetTimer] E85350F8
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!_allmul] FFFFF848
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!MmProbeAndLockPages] 8408C483
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!_except_handler3] BE7875C0
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!PoSetPowerState] 00000008
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] F346E853
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!RtlWriteRegistryValue] C483FFFF
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00F46804
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!_aulldiv] 838D0000
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!strstr] 00001A8C
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!_strupr] E850006A
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeQuerySystemTime] FFFF87CA
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0000F468
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!KeTickCount] 808B8D00
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 6A00001B
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoDeleteDevice] B7E85100
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 33FFFF87
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoAllocateWorkItem] 6B8389C0
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoAllocateIrp] 89000002
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoAllocateMdl] 00026F83
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 73838900
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!MmLockPagableDataSection] 89000002
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 00027783
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 7B838900
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!ExFreePoolWithTag] 89000002
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoFreeIrp] 00027F83
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!IoFreeWorkItem] 83838900
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!InitSafeBootMode] 53000002
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!RtlCompareMemory] 02878389
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!PoCallDriver] 7FE80000
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!memmove] 83FFFF68
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[ntoskrnl.exe!MmHighestUserAddress] 8B5F1CC4
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\akaboh4w.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82B691F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\usbuhci \Device\USBPDO-0 828B11F8
Device \Driver\usbehci \Device\USBPDO-1 829AA500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82BDA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 82BDA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 82BDA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 82BDA1F8
Device \Driver\usbuhci \Device\USBPDO-2 828B11F8
Device \Driver\sptd \Device\3020960528 spip.sys

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \Driver\PCI_PNP9232 \Device\00000049 spip.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{0A11C35D-3375-4A0B-8264-F92019A60A3F} 828BA500
Device \Driver\NetBT \Device\NetBT_Tcpip_{D24DE8C8-E10C-4F09-A37B-9A34C6C850BF} 828BA500
Device \Driver\Ftdisk \Device\HarddiskVolume1 82B6B1F8
Device \Driver\Cdrom \Device\CdRom0 828F6500
Device \Driver\Cdrom \Device\CdRom1 828F6500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7CD1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7CD1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7CD1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7CD1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 828BA500
Device \Driver\NetBT \Device\NetbiosSmb 828BA500
Device \Driver\usbuhci \Device\USBFDO-0 828B11F8
Device \Driver\usbuhci \Device\USBFDO-1 828B11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8296F500
Device \Driver\usbehci \Device\USBFDO-2 829AA500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8296F500
Device \Driver\Ftdisk \Device\FtControl 82B6B1F8
Device \Driver\akaboh4w \Device\Scsi\akaboh4w1Port2Path0Target0Lun0 8289D1F8
Device \Driver\akaboh4w \Device\Scsi\akaboh4w1 8289D1F8
Device \FileSystem\Cdfs \Cdfs 82974500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x60 0x8D 0x3E 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x93 0x71 0x14 0x14 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8A 0x29 0x87 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x60 0x8D 0x3E 0xB2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x93 0x71 0x14 0x14 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8A 0x29 0x87 0xE8 ...

---- EOF - GMER 1.0.15 ----


és a gép továbbra is töröl
azt mondod, irány a szerviz?

Nicsen semi veszejes a gepben,,ha meg mindig torol a gep akor futasd a G-Mer programot,megnezuk nincsenek e Rootkitek,,

A txt:


OTL logfile created on: 2009.12.26. 17:35:20 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Letöltések
Windows XP Professional Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

703,00 Mb Total Physical Memory | 438,00 Mb Available Physical Memory | 62,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,94 Gb Total Space | 20,39 Gb Free Space | 72,97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FORR-14DE1B8D9E
Current User Name: Juhász Béla
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.12.26 17:33:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Letöltések\OTL.exe
PRC - [2009.03.08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008.08.18 13:25:10 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008.08.18 13:23:50 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.04.14 17:02:16 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.29 20:24:42 | 01,527,808 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2004.06.16 05:03:04 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004.06.10 11:54:40 | 00,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd2.exe


========== Modules (SafeList) ==========

MOD - [2009.12.26 17:33:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Letöltések\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2008.08.18 13:30:58 | 00,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008.08.18 13:25:10 | 00,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008.04.14 17:01:52 | 00,028,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)


========== Driver Services (SafeList) ==========

DRV - [2008.11.30 12:56:40 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.11.30 09:35:26 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2008.08.18 13:27:42 | 00,034,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008.08.18 13:19:26 | 00,053,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008.08.18 13:18:26 | 00,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.04.13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB audio-illesztőprogram (WDM)
DRV - [2008.04.13 17:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007.04.23 14:11:54 | 00,224,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2006.06.19 14:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006.03.02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006.03.02 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004.12.15 15:19:08 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2004.12.15 15:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004.12.15 14:18:28 | 00,205,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2004.08.03 23:32:22 | 00,231,552 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
DRV - [2004.07.28 11:49:00 | 00,334,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd2.sys -- (snpstd2)
DRV - [2003.12.02 08:10:00 | 00,067,584 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Wibukey.sys -- (WIBUKEY)
DRV - [2001.08.17 22:49:02 | 00,026,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alifir.sys -- (ALiIRDA)
DRV - [2001.08.17 21:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001.08.17 21:12:32 | 00,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2052111302-854245398-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hirtv.hu/
IE - HKU\S-1-5-21-2052111302-854245398-1060284298-1003\S-1-5-21-2052111302-854245398-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.19 13:59:38 | 00,000,000 | ---D | M]


O1 HOSTS File: (687 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\MA\Programs\Registration.exe (Corel Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-854245398-1060284298-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-854245398-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2052111302-854245398-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2052111302-854245398-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2052111302-854245398-1060284298-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.04 19:10:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.09.04 19:10:05 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafikus leképezés (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dinamikus HTML-adatkapcsolások a Javához
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java-osztályok
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Windows XP biztonsági frissítés - KB923789
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Feladatütemező
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009.12.13 09:06:33 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009.12.12 21:01:22 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009.12.12 21:01:22 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009.12.12 21:01:22 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009.12.12 21:01:08 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009.12.05 19:59:41 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009.12.05 19:59:33 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009.12.03 22:25:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Corel User Files
[2009.12.02 21:27:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2009.12.02 21:25:50 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2009.12.02 20:12:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Corel
[2009.10.25 14:51:53 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd2.dll
[2009.10.25 14:51:53 | 00,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd2.dll
[2008.12.21 14:34:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008.10.31 16:30:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008.09.04 19:15:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008.09.04 19:10:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009.12.26 17:29:17 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.12.26 17:29:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.12.26 17:29:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.12.23 10:06:33 | 02,097,152 | -H-- | M] () -- C:\Documents and Settings\Juhász Béla\NTUSER.DAT
[2009.12.23 10:06:33 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Juhász Béla\ntuser.ini
[2009.12.23 10:06:28 | 05,891,196 | -H-- | M] () -- C:\Documents and Settings\Juhász Béla\Local Settings\Application Data\IconCache.db
[2009.12.13 10:01:44 | 00,002,855 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009.12.13 07:52:53 | 00,482,528 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Barack címke - 2009.jpg
[2009.12.12 20:54:39 | 00,007,168 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.12 19:03:00 | 00,311,802 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.12.12 19:03:00 | 00,303,594 | ---- | M] () -- C:\WINDOWS\System32\perfh00E.dat
[2009.12.12 19:03:00 | 00,057,914 | ---- | M] () -- C:\WINDOWS\System32\perfc00E.dat
[2009.12.12 19:03:00 | 00,040,190 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.12.12 19:02:59 | 00,720,032 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.12.12 18:39:11 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009.12.07 22:12:14 | 00,482,611 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.072.jpg
[2009.12.07 22:11:39 | 00,153,752 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész72_árnyékolt.cdr
[2009.12.07 22:05:05 | 00,152,642 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Biztonsági_másolat_címke - 2009.12.06. kész72_árnyékolt.cdr
[2009.12.07 21:53:05 | 00,496,257 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.071.jpg
[2009.12.07 21:52:13 | 00,153,226 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész71_árnyékolt.cdr
[2009.12.07 21:34:51 | 00,152,994 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész7_árnyékolt.cdr
[2009.12.07 21:31:33 | 00,499,410 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.07.jpg
[2009.12.07 21:28:33 | 00,152,984 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Biztonsági_másolat_címke - 2009.12.06. kész7_árnyékolt.cdr
[2009.12.07 10:53:58 | 00,153,646 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész6_árnyékolt.cdr
[2009.12.07 09:20:37 | 00,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.12.06 22:37:38 | 00,476,170 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Barack címke - 2009.12.06. kész6.jpg
[2009.12.06 22:34:55 | 00,152,796 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész6.cdr
[2009.12.06 22:27:40 | 00,252,060 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Biztonsági_másolat_címke - 2009.12.06. kész6.cdr
[2009.12.06 20:16:52 | 00,250,360 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész3.cdr
[2009.12.06 18:58:37 | 00,155,818 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész5.cdr
[2009.12.06 18:47:19 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009.12.06 18:47:01 | 00,152,378 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Grafika1.cdr
[2009.12.06 18:43:41 | 00,250,484 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06.kész4.cdr
[2009.12.06 18:10:00 | 00,250,868 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Biztonsági_másolat_címke - 2009.12.06. kész3.cdr
[2009.12.06 17:53:35 | 00,250,238 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész2.cdr
[2009.12.06 17:35:10 | 00,255,102 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Biztonsági_másolat_címke - 2009.12.06. kész2.cdr
[2009.12.06 17:17:08 | 00,255,136 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész.cdr
[2009.12.06 15:44:56 | 00,255,640 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. 2.cdr
[2009.12.06 13:28:54 | 00,248,442 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Biztonsági_másolat_címke - 2009.12.06. 2.cdr
[2009.12.06 13:15:20 | 01,527,822 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06..cdr
[2009.12.05 21:53:44 | 05,549,073 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\JuhászBélaminták.ai
[2009.12.05 21:53:13 | 01,004,211 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\JuhászBélaminták.jpg
[2009.12.03 22:31:56 | 01,427,648 | ---- | M] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\JuhászBélaminták 2.cdr
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.12.13 07:52:53 | 00,482,528 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Barack címke - 2009.jpg
[2009.12.12 21:01:34 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.12.12 21:01:32 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.12.12 21:01:22 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009.12.12 21:01:21 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.12.12 21:01:21 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.12.12 21:01:11 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.12.12 21:01:11 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.12.12 20:52:29 | 11,632,51758 | ---- | C] () -- C:\The.Hangover.avi
[2009.12.07 22:12:05 | 00,482,611 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.072.jpg
[2009.12.07 22:11:39 | 00,152,642 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Biztonsági_másolat_címke - 2009.12.06. kész72_árnyékolt.cdr
[2009.12.07 22:05:05 | 00,153,752 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész72_árnyékolt.cdr
[2009.12.07 21:52:52 | 00,496,257 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.071.jpg
[2009.12.07 21:52:12 | 00,153,226 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész71_árnyékolt.cdr
[2009.12.07 21:34:51 | 00,152,984 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Biztonsági_másolat_címke - 2009.12.06. kész7_árnyékolt.cdr
[2009.12.07 21:29:13 | 00,499,410 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.07.jpg
[2009.12.07 21:28:32 | 00,152,994 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész7_árnyékolt.cdr
[2009.12.07 10:53:57 | 00,153,646 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész6_árnyékolt.cdr
[2009.12.06 22:44:06 | 00,476,170 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Barack címke - 2009.12.06. kész6.jpg
[2009.12.06 22:34:55 | 00,252,060 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Biztonsági_másolat_címke - 2009.12.06. kész6.cdr
[2009.12.06 22:27:39 | 00,152,796 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész6.cdr
[2009.12.06 20:16:51 | 00,250,868 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Biztonsági_másolat_címke - 2009.12.06. kész3.cdr
[2009.12.06 18:58:36 | 00,155,818 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész5.cdr
[2009.12.06 18:47:01 | 00,152,378 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Grafika1.cdr
[2009.12.06 18:43:41 | 00,250,484 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06.kész4.cdr
[2009.12.06 18:10:00 | 00,250,360 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész3.cdr
[2009.12.06 17:53:35 | 00,255,102 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Biztonsági_másolat_címke - 2009.12.06. kész2.cdr
[2009.12.06 17:35:09 | 00,250,238 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész2.cdr
[2009.12.06 17:17:08 | 00,255,136 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. kész.cdr
[2009.12.06 15:44:56 | 00,248,442 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\Biztonsági_másolat_címke - 2009.12.06. 2.cdr
[2009.12.06 13:28:53 | 00,255,640 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06. 2.cdr
[2009.12.06 13:15:18 | 01,527,822 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\címke - 2009.12.06..cdr
[2009.12.05 21:53:31 | 05,549,073 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\JuhászBélaminták.ai
[2009.12.05 21:53:03 | 01,004,211 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\JuhászBélaminták.jpg
[2009.12.03 22:31:55 | 01,427,648 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Dokumentumok\JuhászBélaminták 2.cdr
[2009.10.25 14:52:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd2.dll
[2009.10.25 14:52:06 | 00,015,541 | ---- | C] () -- C:\WINDOWS\snpstd2.ini
[2009.10.25 14:51:58 | 00,334,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd2.sys
[2009.10.25 14:51:53 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\rsnpstd2.dll
[2008.12.21 13:25:30 | 00,000,070 | ---- | C] () -- C:\WINDOWS\Voice Manager.INI
[2008.11.30 12:56:39 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.10.31 16:55:42 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Juhász Béla\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.31 16:43:26 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2008.09.04 20:02:28 | 00,000,388 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.08.18 13:27:42 | 00,034,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys

========== LOP Check ==========

[2008.10.31 14:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.07.19 13:57:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009.07.19 14:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008.11.30 12:56:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juhász Béla\Application Data\DAEMON Tools
[2008.12.01 12:00:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juhász Béla\Application Data\Graphisoft
[2009.07.19 14:09:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juhász Béla\Application Data\Nokia
[2009.07.19 14:06:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Juhász Béla\Application Data\PC Suite

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2008.04.13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008.04.13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.03.02 13:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 17:01:50 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 17:01:50 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 17:01:50 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\system32\eventlog.dll
[2006.03.02 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=9BF16BF2A92E9946C034947E45C6FB4E -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2006.03.02 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=38A4E873DEBBA38F1E7E8D9D6AF593D8 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 17:01:56 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 17:01:56 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 17:01:56 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 17:01:59 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 17:01:59 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 17:01:59 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\system32\scecli.dll
[2006.03.02 13:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=DE117DA3508ECAAECEA21901DBA31DAB -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %SYSTEMDRIVE%\*.exe >
< End of report >

Tolds le OTListIt2>> OTL
- futasd
-bepotyozni
-Scan all users.
-Lop check.
-Purity check.
-v sekciiExtra Registry>bepotyozod>Use SafeList
-az ablakba Custom Scans/Fixes>ted be a zold textet>klik>> Run SCAN
-ted ide
-OTL.txt (az asztalon lesz).

őszintén szólva szeretnék a végére járni, mert nem igazán jó, hogy ha kapok egy ilyen vírust, csak az újratelepítésben bízhatok

nemlatok semi veszejeset,ilyemit amit irsz szok csinalni valami .bat virus..de a logban nemalatom,,ha meg nyomozni akarsz irlyal es meg lefutatunk egypar programot,

Íme a log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Juhász Béla at 2009-12-23 09:16:49
Microsoft Windows XP Professional Szervizcsomag 3
System drive C: has 21 GB (73%) free of 29 GB
Total RAM: 703 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:05, on 2009.12.23.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Letöltések\RSIT.exe
C:\Letöltések\Juhász Béla.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hirtv.hu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\MA\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=010210 serial=DR12CUS-2178927-HVQ lang=MA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

--
End of file - 4517 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-08-18 1447168]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-06-10 286720]
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\MA\Programs\Registration.exe [2005-04-15 733184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-12-23 09:16:49 ----D---- C:\rsit
2009-12-13 09:06:33 ----D---- C:\Program Files\Alwil Software
2009-12-12 21:01:34 ----A---- C:\WINDOWS\system32\unrar.dll
2009-12-12 21:01:32 ----A---- C:\WINDOWS\avisplitter.ini
2009-12-12 21:01:22 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-12-12 21:01:21 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-12-12 21:01:21 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-12-12 21:01:11 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-12-12 21:01:11 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-12-12 21:01:08 ----D---- C:\Program Files\K-Lite Codec Pack
2009-12-12 18:41:09 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-12 18:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-12 18:18:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-12 18:14:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-12 18:13:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-02 21:27:02 ----D---- C:\Program Files\Common Files\Corel
2009-12-02 21:25:50 ----D---- C:\Program Files\Corel
2009-12-02 20:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-02 20:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-02 20:23:15 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-02 20:12:56 ----D---- C:\WINDOWS\Corel

======List of files/folders modified in the last 1 months======

2009-12-23 09:17:01 ----D---- C:\Letöltések
2009-12-23 09:16:55 ----D---- C:\WINDOWS\temp
2009-12-23 09:13:25 ----D---- C:\WINDOWS\system32
2009-12-18 13:04:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-13 10:01:44 ----D---- C:\WINDOWS\system32\drivers
2009-12-13 09:44:04 ----D---- C:\WINDOWS\Prefetch
2009-12-13 09:07:16 ----D---- C:\WINDOWS\system32\config
2009-12-13 09:06:33 ----RD---- C:\Program Files
2009-12-12 21:01:32 ----D---- C:\WINDOWS
2009-12-12 19:02:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-12 19:01:16 ----D---- C:\Program Files\Internet Explorer
2009-12-12 18:44:33 ----HD---- C:\WINDOWS\inf
2009-12-12 18:42:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-12 18:39:11 ----A---- C:\WINDOWS\imsins.BAK
2009-12-12 18:23:29 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-12 18:12:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-02 21:29:17 ----SHD---- C:\WINDOWS\Installer
2009-12-02 21:28:27 ----D---- C:\WINDOWS\WinSxS
2009-12-02 21:27:02 ----D---- C:\Program Files\Common Files
2009-12-02 21:27:00 ----RSD---- C:\WINDOWS\Fonts
2009-12-02 20:13:03 ----D---- C:\TEMP
2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-08-18 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R1 intelppm;Intel processzor illesztőprogramja; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-30 21035]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-08-18 39944]
R2 irda;IrDA protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2003-12-02 67584]
R3 aliadwdm;ALi hanggyorsító WDM illesztőprogramja; C:\WINDOWS\system32\drivers\ac97ali.sys [2004-08-03 231552]
R3 ALiIRDA;ALi infravörös eszközillesztő; C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 26624]
R3 Arp1394;1394 ARP ügyfélprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI vezérlési módú telep illesztőprogramja; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FA312;NETGEAR FA330/FA312/FA311 gyors Ethernet-adapter Driver; C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 16074]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2004-12-15 1038208]
R3 HSFHWALI;HSFHWALI; C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys [2004-12-15 205696]
R3 NIC1394;1394 hálózati illesztőprogram; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]
R3 usbehci;Microsoft USB 2.0 bővített állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-engedélyezett hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB univerzális állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 a5f7ha4b;a5f7ha4b; C:\WINDOWS\system32\drivers\a5f7ha4b.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\JUHSZB~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Feliratdekódoló; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MODEMCSA;Unimodem Streaming Filter eszköz; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink - Sink átalakító; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI kodek; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/videokapcsolat; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd2;VideoCAM Look; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 334080]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB audio-illesztőprogram (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext kodek; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R2 Irmon;Infravörös figyelő; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-08-18 19200]
S3 WMPNetworkSvc;A Windows Media Player hálózatmegosztási szolgáltatása; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-10 919040]

-----------------EOF-----------------

udv
a HiJack program a mai virusokra mar megvakult,,ezert adlyal az RSIT programbol logot
http://images.malwareremoval.com/random/RSIT.exe
klik continue es az Log.txt ted ide

Hello!

Már én itt visszatérő vendég vagyok.
Köszönöm Stell a legutóbbi segítségedet, bele kellett, hogy nyugodjak, nem mai darab már a gépem, így túl sokat várok tőle.
Most viszont van egy nagyon nagy problémám egy másik gépen.
Valamikor tavaly nyáron kezdődött. Időnként, ha ki volt jelölve egy-egy fájl a gépen, feljött egy panel, hogy valóban törlöm-e. Szövegszerkesztőben ez úgy nézett ki, hogy ha egy szó elé mentem, szépen elkezdte elölről törölni a szöveget, amíg volt mit. Néha csak egy-két betűt, néha egy sort. Szóval tulajdonképpen úgy néz ki ez az egész, mintha időnként rákönyökölnék a DELETE gombra. Ahogy súlyosbodott a helyzet, egyre gyakrabban jöttek fel ilyen "Biztosan törli a fájlt?" ablakok, sőt, a gép indításakor is vinnyogott a gép, mint amikor egy billentyű le van nyomva folyamatosan. A szervizesek azt mondták, valószínűbb, hogy vírus, mint az, hogy magának a delete gombnak van baja.
Telepítettem egymás után a vírusirtókat, persze egyik se talált semmit. Nem tudtam mit tenni, jött a Windows-újratelepítés.
A gép tünetmentes volt. Aztán kezdődött elölről... és most itt tartok, egyre gyakrabban jön ez a törölni akarós mizéria. Nem szeretném ismét újratelepíteni a gépet, csak ha nagyon szükséges, meg kíváncsi is vagyok rá, hogy mi garázdálkodik már megint rajta.
Remélem, tudsz segíteni.

Íme a HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:34, on 2009.12.18.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Letöltések\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hirtv.hu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\MA\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=010210 serial=DR12CUS-2178927-HVQ lang=MA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

--
End of file - 4223 bytes

nincsen mit koszonod,,nem kel nekem reklam,,nincsen anyi idom,,es nem penzert csinalom,
udv

Kedves Stell!

Úgy tűnik, hogy sikerült valahogy rendbe szedned, mert most működik!

Nagyon nagyon köszi a segítséged. Reklámozni foglak, hogy milyen ügyes vagy!
Még egyszer köszi
Viki

ok, akkor holnap. És még egyszer nagyon köszi.

ha ez meglesz es a gep meg mindig restartol,,akor bemegy csokentet modba,,a menuben ami megjelenik az F-8 nyomasa utan,,kivalasztod csokentet mod a halozatal,
es it maradsz,
es lefutatod a malwarebytes programot>komplet skant,amit talal torold,,,logot ted ide,,ce csak holnap nezem meg
http://download.bleepingcomputer.com/ma ... -setup.exe
ma mar vegzek udv

csinald eztet meg es restart,,es nenyomkodj semit ha bebotol e,,a virtualis memorianak nagyjabol 1.5x nagyobnak kel lenie mint a RAM.nak,

amikor elindítom a gépet, nem tölti be a windowst, hanem folyamatosan újraindul. Amikor megpróbálja betölteni, megnyomom az F8-at feljön egy lista, hogy csökkentett üzemmód, csökkentett üzemmód parancssorral.....és kiválasztom a hibakezelést, és ezután tudom elindítani a windowst.

csak hibakeresésben,,eztet nemertem,ird le pontosam,mi es mikor irja a hibat??

Megcsináltam mindent. Kitisztította, de még mindig nem indul el normál üzemmódban a windows, csak hibakeresésben.

akor renben van a daemon mar nincsen a gepen,,
pucold ki a gepet CCleaneral
Mostan toldsd le a -CCleanert-futatod-kinyilik a Windows Full-klik-analyze-klik run cleaner-de a bongeszokett zard be.
http://www.ccleaner.com/download/downloadpage.aspx?f=2
Klik -Full-Aplikaciok--es ugyanugy csinalod.

Utana klik ISSUES-az a kocka=register->rendszer iro>itt is bepipazni mindent ugyanugy ha valamitt kerdez beleegyezel-klik fix problem.A tobbi gombokat nembantani,,aztan ird le hogy viselkedik a gep,,

Tényleg nagyon köszönöm a türelmedet!

Megnyitottam a sajátgépet, és nincs daemon meghajtó.
Mit keressek?

hm,mar akor mindegy,megcsinaljuk maskep
nyisd ki a sajatgepet es nezd meg ha ot vannak e a Daemon meghalytok,

nem, tényleg nem kell ez a daemon program. Az nagy baj, hogy kitöröltem az egész mappát a Program files-ból?
Letöltöttem és elindítottam a programot, ahogy írtad, de az unistall-t nem tudtam megnyomni, mert nem aktív a gomb.

es kel e neked ez a Daemon??mert ez az alcoholal egyut csak bordelt csinal a gepel,mivel hogy Rootkit technikat alakalmaz ,,akasztly a kernel magot,,
leszeded a geprol igy,es ha akarod akor visza telepited
Letoltod ezt a programo,az op rendszer szerint kivalasztod es letoltod
neked az (32 bit) kellx86
http://www.duplexsecure.com/en/downloads
ted az asztalra >.futasd>>es valaszd ki uninstall>>restart PC

A daemont nem sikerült sem elindítani, sem letelepíteni.

A piros textet viszont sikerült beírnom, és ez lett a log-ban:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Viki
->Temp folder emptied: 1674998 bytes
->Temporary Internet Files folder emptied: 28432322 bytes
->Java cache emptied: 58015304 bytes
->Apple Safari cache emptied: 81207 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2133627 bytes
%systemroot%\System32 .tmp files removed: 2676007 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 1531150 bytes

Total Files Cleaned = 90,23 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.11.2 log created on 11292009_220139

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

letoroljuk a Daemon4.exe programot az asztalrol,es aztan letelepited a geprol a Daemont,de elote lefutatod az OTLIST2programot igy

Futasd az OTLIST2 programot,az ablakba customscan/fixes bemasolod a piros textet es klik RUNFIX,a gep restartol es ad
logot,
:OTL
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll File not found
O4 - HKLM..\Run: [GEST] File not found
C:\Documents and Settings\Viki\Asztal\daemon4.exe
:commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]


probakd be kapcsolni a DAEMONT ha nemmene irjal,
Errol a szerverekrol mar netolts le semmit
http://www.siteadvisor.pl/sites/lhp.hu

Ez pedig az extras.txt-ben volt:
OTL Extras logfile created on: 2009.11.29. 21:29:38 - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Viki\Asztal
Windows XP Home Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,69% Memory free
3,85 Gb Paging File | 3,15 Gb Available in Paging File | 81,89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 99,54 Gb Free Space | 67,95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 151,60 Gb Total Space | 134,77 Gb Free Space | 88,90% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VIKI-6694DE6678
Current User Name: Viki
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:&micro;Torrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C196427-49B6-426E-126C-2ED14FF8FC00}" = Catalyst Control Center Localization Thai
"{0E9E85F7-B46B-5B05-EA92-166041688360}" = CCC Help Finnish
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{12001F32-80E8-67DC-17BF-B71FF08952D4}" = Catalyst Control Center Localization Spanish
"{1337189C-ADD8-FA87-2037-1556FB8A4BC6}" = CCC Help Japanese
"{13647C4D-F5F4-C251-7A96-78B86AB007AC}" = Catalyst Control Center Graphics Previews Common
"{14D35B82-806E-FB4A-A80F-3FF7258832AA}" = ccc-core-preinstall
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{17BACA06-1CA8-D3F7-7F79-ACDCF96599DF}" = Catalyst Control Center Localization Japanese
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2A0A6470-FD0F-4F45-9B11-85F3167DB943}" = Nokia Flashing Cable Driver
"{350C940e-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{368D5CDC-628E-2836-9E71-043672084991}" = Catalyst Control Center Localization Finnish
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Secret Files Tunguska
"{3E783AF8-51F7-1C42-53D5-F082FB0A28C1}" = Catalyst Control Center Localization Chinese Standard
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{401079AB-7327-7FFB-C742-1BE7EC8B7C06}" = CCC Help Danish
"{41148666-8506-4ABD-6935-AB1035A12A3E}" = Catalyst Control Center Localization Swedish
"{41F7FFF4-B5B3-D96D-58FD-AEE5EA280528}" = CCC Help Czech
"{47F95FE7-B901-2DB9-C370-D198DD7E7911}" = Catalyst Control Center Localization Russian
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{567D3326-2E0E-BDF8-791B-E77186020343}" = Catalyst Control Center Localization French
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5A2F8E75-C291-F338-F48B-524C3EADE800}" = CCC Help Italian
"{5B5B1BD4-1450-355C-92AF-2DA0C9DF1A7F}" = PicLens for Internet Explorer
"{5F72D175-2F8E-21EE-8A8F-15AD607C0531}" = CCC Help Swedish
"{617A16E4-A178-0E1E-DD80-88A44ACAF688}" = CCC Help Korean
"{635509DE-5A40-D9CC-C40C-C96FB4E266E0}" = Skins
"{65BF54F3-CE3C-098D-4410-7F64468BDDA7}" = CCC Help Norwegian
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7227FD56-0482-6DBC-7B04-E748FB638283}" = Catalyst Control Center Localization Korean
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CEA075-4371-2E52-F83F-FFC53CEABE12}" = Catalyst Control Center Localization Portuguese
"{74C45428-03A3-BAE9-F393-590FD36B69EE}" = CCC Help German
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AEF3C07-82FE-50B4-9962-A38DD38733C5}" = ccc-core-static
"{7B8B54E7-0008-3DF8-266C-1A7105A0C7ED}" = Catalyst Control Center Localization Czech
"{7D5DE1C9-25FD-ECB3-74C9-50899F086A9F}" = CCC Help Hungarian
"{81EB9BC3-F6FA-CB2E-40BD-798FE703CCE4}" = CCC Help Dutch
"{866367B2-136A-6DCE-7D07-3F56175087BF}" = CCC Help Greek
"{89AF271D-6795-4012-82AF-B6BB7D5D7571}" = Tunguska Update 1.02
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8F027BD7-9175-CFF0-107E-E7AC0DE36E10}" = Catalyst Control Center Core Implementation
"{9011040E-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{903A040E-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{9051040E-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91C0B95B-B83A-4828-A775-BBE2DD421038}" = Nero 7 Premium
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9A55A33F-8AFA-5578-69F9-0772EA3D7D9E}" = Catalyst Control Center Localization Chinese Traditional
"{9D80AE12-18EC-7E24-DBB4-09E6B7E667D9}" = ccc-utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3469F2F-A2B8-6B89-D431-19376590240A}" = Catalyst Control Center Localization Hungarian
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A45C237A-2D4F-71DA-0C25-540C645FA9CA}" = CCC Help Thai
"{A5CD6935-E688-9FA3-6002-CCD08EB9818B}" = CCC Help Polish
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AFC57FD9-2705-9531-DA23-9A4E6F50D85C}" = Catalyst Control Center Localization Polish
"{BA99DF96-55D0-922C-A8B1-943C1755D0BE}" = Catalyst Control Center Graphics Full Existing
"{BF438498-A8BE-44B4-6079-540A9C4073AB}" = CCC Help Chinese Traditional
"{c080d4ef-802c-403a-9f98-c86871edfb7c}" = Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7EC2121-A688-3126-B53A-18C815E4D043}" = Catalyst Control Center Localization Italian
"{C7FB85AE-EA6C-6BE8-790F-ECC99197D735}" = CCC Help Turkish
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA7CDD01-93B6-4C3D-0807-20EE83E40F65}" = CCC Help Russian
"{CA979620-BE17-D758-17D3-142123785A17}" = CCC Help Chinese Standard
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D1AE169D-4681-8886-D67E-FD6DCE1586F8}" = Catalyst Control Center Localization Norwegian
"{D289EDFF-D798-6169-A7D3-91D6B5CEB20B}" = Catalyst Control Center Graphics Full New
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{D86847C4-6B93-91A8-9B28-A49563A9ED95}" = Catalyst Control Center Localization German
"{DF547081-AAAF-5F9C-0B80-89F9E130E1DB}" = CCC Help English
"{E0E9E379-528A-FABD-12BD-78C82C096F4A}" = Catalyst Control Center Graphics Light
"{E41AC810-F9A5-09AB-0D69-0694A3A980F0}" = Catalyst Control Center Localization Turkish
"{E7211161-CCC8-0912-60EF-364CA205B84A}" = Catalyst Control Center Localization Greek
"{E75B773E-3309-B615-0B91-385A8BDD2B03}" = CCC Help French
"{ECDB40C4-D343-6405-9D00-E42F07D84463}" = Catalyst Control Center Localization Dutch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4AF1F4C-12D4-F77A-8FF0-37C221302343}" = CCC Help Portuguese
"{F7540817-B9F2-D025-2A88-F15E906D1367}" = CCC Help Spanish
"{F8CDA789-8DF0-049A-3130-5C14B888B913}" = Catalyst Control Center Localization Danish
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"504244733D18C8F63FF584AEB290E3904E791693" = Windows illesztőprogram-csomag - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows illesztőprogram-csomag - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows illesztőprogram-csomag - Nokia Modem (10/27/2008 3.9)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Aegisub 1.10" = Aegisub 1.10 (Remove Only)
"All ATI Software" = ATI - Szoftver eltávolító
"ATI Display Driver" = ATI Display Driver
"CdaC13Ba" = SafeCast Shared Components
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Free Download Manager_is1" = Free Download Manager 2.5
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81
"F-Secure Product 444" = upc smart guard
"Fx MPEG Writer" = Fx MPEG Writer
"HijackThis" = HijackThis 2.0.2
"hp deskjet 5550 series" = hp deskjet 5550 series (Csak törlés)
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeuroTran" = NeuroTran 2001
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Photo Frame Show" = Photo Frame Show
"Secret Files Tunguska Honosítás V1.3" = Secret Files Tunguska Honosítás V1.3
"SimFarm" = SimFarm
"UltraFXP" = UltraFXP (remove only)
"UnderCoverXP_is1" = UnderCoverXP 1.11
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-261478967-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0853" = 0853
"AbevJava" = AbevJava
"Techno Design IP Notify" = LiveSearch Notification Tool
"uTorrent" = &micro;Torrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009.08.30. 4:56:10 | Computer Name = VIKI-6694DE6678 | Source = Application Error | ID = 1000
Description = Hibás alkalmazás: explorer.exe, verzió: 6.0.2900.5512, hibás modul:
emzdecmp4_h263.dll, verzió: 2.0.0.0, memóriacím: 0x00002827.

Error - 2009.09.04. 12:08:57 | Computer Name = VIKI-6694DE6678 | Source = Application Hang | ID = 1002
Description = Nem válaszoló alkalmazás: iexplore.exe, verzió: 7.0.6000.16876, nem
válaszoló modul: hungapp, verzió: 0.0.0.0, memóriacím: 0x00000000.

Error - 2009.09.06. 3:00:26 | Computer Name = VIKI-6694DE6678 | Source = Application Error | ID = 1000
Description = Hibás alkalmazás: explorer.exe, verzió: 6.0.2900.5512, hibás modul:
emzdecmp4_h263.dll, verzió: 2.0.0.0, memóriacím: 0x00002827.

Error - 2009.09.13. 12:47:54 | Computer Name = VIKI-6694DE6678 | Source = Application Hang | ID = 1002
Description = Nem válaszoló alkalmazás: EXCEL.EXE, verzió: 11.0.5612.0, nem válaszoló
modul: hungapp, verzió: 0.0.0.0, memóriacím: 0x00000000.

Error - 2009.09.13. 12:52:23 | Computer Name = VIKI-6694DE6678 | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2009-09-13 18:52:14+02:00 viki-6694de6678 VIKI-6694DE6678\Viki
F-Secure Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET
EXPLORER\CONNECTION WIZARD\ICWRES.DLL was aborted due to exceeded scanning time
limit. The file may be in use or reading it was too slow (e.g. network connection
was under stress).

Error - 2009.09.13. 12:52:25 | Computer Name = VIKI-6694DE6678 | Source = Application Error | ID = 1000
Description = Hibás alkalmazás: iexplore.exe, verzió: 7.0.6000.16876, hibás modul:
ieui.dll, verzió: 7.0.5730.13, memóriacím: 0x000061b1.

Error - 2009.09.26. 3:48:55 | Computer Name = VIKI-6694DE6678 | Source = Application Error | ID = 1000
Description = Hibás alkalmazás: iexplore.exe, verzió: 7.0.6000.16876, hibás modul:
cooliris.dll, verzió: 1.10.0.24532, memóriacím: 0x000352f2.

Error - 2009.09.26. 3:49:39 | Computer Name = VIKI-6694DE6678 | Source = Application Error | ID = 1000
Description = Hibás alkalmazás: vdownloader.exe, verzió: 0.0.0.0, hibás modul: unknown,
verzió: 0.0.0.0, memóriacím: 0x00000000.

Error - 2009.10.04. 12:38:42 | Computer Name = VIKI-6694DE6678 | Source = Application Hang | ID = 1002
Description = Nem válaszoló alkalmazás: ShowTime.exe, verzió: 3.10.1.0, nem válaszoló
modul: hungapp, verzió: 0.0.0.0, memóriacím: 0x00000000.

Error - 2009.10.04. 12:38:43 | Computer Name = VIKI-6694DE6678 | Source = Application Hang | ID = 1002
Description = Nem válaszoló alkalmazás: ShowTime.exe, verzió: 3.10.1.0, nem válaszoló
modul: hungapp, verzió: 0.0.0.0, memóriacím: 0x00000000.

[ System Events ]
Error - 2009.11.29. 14:38:39 | Computer Name = VIKI-6694DE6678 | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Alkalmazásvezérlés) leállt a következő hibával: %%126

Error - 2009.11.29. 14:38:39 | Computer Name = VIKI-6694DE6678 | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Alkalmazásvezérlés) leállt a következő hibával: %%126

Error - 2009.11.29. 14:38:39 | Computer Name = VIKI-6694DE6678 | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Alkalmazásvezérlés) leállt a következő hibával: %%126

Error - 2009.11.29. 14:38:39 | Computer Name = VIKI-6694DE6678 | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Alkalmazásvezérlés) leállt a következő hibával: %%126

Error - 2009.11.29. 14:49:26 | Computer Name = VIKI-6694DE6678 | Source = Service Control Manager | ID = 7034
Description = A(z) C-DillaCdaC11BA szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal
fordult elő.

Error - 2009.11.29. 15:37:58 | Computer Name = VIKI-6694DE6678 | Source = Ftdisk | ID = 262189
Description = A rendszer nem tudta betölteni az összeomlási memóriakép illesztőprogramját.

Error - 2009.11.29. 15:37:58 | Computer Name = VIKI-6694DE6678 | Source = Ftdisk | ID = 262193
Description = Az összeomlási memóriakép lapozófájljának konfigurálása nem sikerült.
Ellenőrizze,
hogy van-e lapozófájl a rendszerindító meghajtón, és hogy a mérete elég nagy-e az
egész fizikai memória tárolásához.

Error - 2009.11.29. 15:39:21 | Computer Name = VIKI-6694DE6678 | Source = Service Control Manager | ID = 7026
Description = A következő boot- vagy rendszerindító illesztőprogram(ok) nem indult(ak)
el: sptd

Error - 2009.11.29. 16:20:57 | Computer Name = VIKI-6694DE6678 | Source = Ftdisk | ID = 262189
Description = A rendszer nem tudta betölteni az összeomlási memóriakép illesztőprogramját.

Error - 2009.11.29. 16:20:57 | Computer Name = VIKI-6694DE6678 | Source = Ftdisk | ID = 262193
Description = Az összeomlási memóriakép lapozófájljának konfigurálása nem sikerült.
Ellenőrizze,
hogy van-e lapozófájl a rendszerindító meghajtón, és hogy a mérete elég nagy-e az
egész fizikai memória tárolásához.


< End of report >

Ezt írta ki a txt:
OTL logfile created on: 2009.11.29. 21:29:38 - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Viki\Asztal
Windows XP Home Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,69% Memory free
3,85 Gb Paging File | 3,15 Gb Available in Paging File | 81,89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 99,54 Gb Free Space | 67,95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 151,60 Gb Total Space | 134,77 Gb Free Space | 88,90% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VIKI-6694DE6678
Current User Name: Viki
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.11.29 21:28:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Viki\Asztal\OTListIt2.exe
PRC - [2009.10.28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009.10.28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009.10.16 17:44:13 | 00,599,168 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\Anti-Virus\fssm32.exe
PRC - [2009.10.16 17:44:13 | 00,476,800 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\Anti-Virus\fsgk32.exe
PRC - [2009.08.27 06:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009.06.05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.04.30 19:00:45 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2009.03.05 18:34:44 | 00,347,744 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\Anti-Virus\fsav32.exe
PRC - [2009.03.05 18:34:44 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\Anti-Virus\fsgk32st.exe
PRC - [2009.02.17 08:48:39 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.02.17 08:48:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008.12.12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008.12.03 12:47:34 | 01,205,760 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2008.11.11 15:45:06 | 00,174,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\FSAUA\program\fsus.exe
PRC - [2008.11.11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.09.23 14:37:54 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\ORSP Client\fsorsp.exe
PRC - [2008.09.23 14:37:28 | 00,686,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\FSPC\fspc.exe
PRC - [2008.09.23 14:37:20 | 00,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\Common\FSMB32.EXE
PRC - [2008.09.23 14:37:18 | 00,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\Common\FAMEH32.EXE
PRC - [2008.09.23 14:37:18 | 00,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\Common\FSM32.EXE
PRC - [2008.09.23 14:37:18 | 00,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\Common\FCH32.EXE
PRC - [2008.09.23 14:37:18 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\Common\FSMA32.EXE
PRC - [2008.09.23 14:36:54 | 00,604,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\FSGUI\fsguidll.exe
PRC - [2008.09.23 14:35:40 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\FWES\program\fsdfwd.exe
PRC - [2008.09.23 14:35:14 | 00,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\Anti-Virus\fsqh.exe
PRC - [2008.09.23 14:34:32 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\FSAUA\program\fsaua.exe
PRC - [2008.09.19 08:52:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008.09.11 03:07:50 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008.09.11 03:07:50 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008.06.18 12:46:54 | 02,691,185 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
PRC - [2008.06.18 12:46:52 | 00,036,982 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
PRC - [2008.06.18 12:46:50 | 00,106,613 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
PRC - [2008.06.03 08:02:34 | 00,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.04.14 17:02:16 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.13 07:31:34 | 16,857,600 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007.07.17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007.06.27 19:04:00 | 01,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007.06.27 19:03:40 | 00,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005.11.08 23:00:38 | 00,128,920 | ---- | M] (DT Soft Ltd.) -- C:\Documents and Settings\Viki\Asztal\daemon.exe
PRC - [2002.07.11 13:39:12 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe


========== Modules (SafeList) ==========

MOD - [2009.11.29 21:28:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Viki\Asztal\OTListIt2.exe
MOD - [2008.09.23 14:37:34 | 00,252,512 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\Spam Control\fsscoepl.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.10.28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009.06.19 18:45:28 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009.06.05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.04.30 19:00:45 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2009.03.05 18:34:44 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009.02.17 08:48:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008.12.12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008.11.11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.09.23 14:37:54 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2008.09.23 14:37:18 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\Common\FSMA32.EXE -- (FSMA)
SRV - [2008.09.23 14:35:40 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2008.09.23 14:34:32 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2008.09.11 03:07:50 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008.09.10 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008.06.18 12:46:52 | 00,036,982 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_Watchdog)
SRV - [2008.06.18 12:46:50 | 00,106,613 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
SRV - [2007.06.29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007.06.27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2004.10.22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009.11.29 21:22:19 | 00,664,064 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.10.16 17:44:55 | 00,101,496 | ---- | M] () -- C:\Program Files\UPC SmartGuard\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009.08.28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009.07.14 18:20:49 | 00,033,920 | ---- | M] () -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2009.05.18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.04.30 19:00:43 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2009.02.01 11:01:20 | 00,223,128 | ---- | M] (DT Soft Ltd.) -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2009.02.01 10:39:03 | 00,162,432 | ---- | M] () -- C:\WINDOWS\system32\drivers\ithsgt.sys -- (ithsgt)
DRV - [2009.02.01 10:39:02 | 00,012,032 | ---- | M] () -- C:\WINDOWS\system32\drivers\lilsgt.sys -- (lilsgt)
DRV - [2009.01.26 18:53:53 | 00,271,360 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.01.26 18:53:52 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.01.21 13:53:00 | 00,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008.09.23 14:37:06 | 00,066,720 | ---- | M] (F-Secure Corporation) -- C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2008.09.23 14:35:38 | 00,079,904 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2008.09.23 14:35:18 | 00,039,776 | ---- | M] () -- C:\Program Files\UPC SmartGuard\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2008.09.23 14:35:18 | 00,025,184 | ---- | M] () -- C:\Program Files\UPC SmartGuard\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2008.09.15 07:56:34 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.09.15 07:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.09.15 07:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.09.15 07:56:24 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.09.11 04:08:10 | 03,331,072 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.08.26 09:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.02 20:38:14 | 00,089,600 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.06.18 12:46:58 | 00,047,504 | ---- | M] (Check Point Software Technologies) -- C:\WINDOWS\system32\drivers\omdrv.sys -- (CP_OMDRV)
DRV - [2008.06.18 12:46:56 | 02,235,760 | ---- | M] (Check Point Software Technologies) -- C:\WINDOWS\system32\drivers\fw.sys -- (FW1)
DRV - [2008.06.18 12:46:54 | 00,121,136 | ---- | M] (Check Point Software Technologies) -- C:\WINDOWS\system32\drivers\vnasc.sys -- (VNASC)
DRV - [2008.06.18 12:46:52 | 00,673,872 | ---- | M] (Check Point Software Technologies) -- C:\WINDOWS\System32\drivers\vpn.sys -- (VPN-1)
DRV - [2008.04.13 19:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008.04.13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB audio-illesztőprogram (WDM)
DRV - [2008.04.13 17:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008.04.13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.02.14 10:04:06 | 04,676,096 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.01.03 15:10:16 | 00,105,856 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2004.08.18 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1957994488-261478967-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1957994488-261478967-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1957994488-261478967-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/
IE - HKU\S-1-5-21-1957994488-261478967-725345543-1004\S-1-5-21-1957994488-261478967-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.02.28 19:41:41 | 00,000,000 | ---D | M]


O1 HOSTS File: (687 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1957994488-261478967-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe File not found
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\UPC SmartGuard\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\UPC SmartGuard\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1957994488-261478967-725345543-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1957994488-261478967-725345543-1004..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-1957994488-261478967-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-261478967-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-261478967-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1957994488-261478967-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1957994488-261478967-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1957994488-261478967-725345543-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Az összes letöltése Free Download Managerrel - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Kijelölés letöltése Free Download Managerrel - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Letöltés Free Download Managerrel - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Video letöltése a Free Download Manager-rel - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Szülői... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\UPC SmartGuard\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Szülői... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\UPC SmartGuard\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\UPC SmartGuard\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\UPC SmartGuard\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\UPC SmartGuard\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\UPC SmartGuard\FSPS\program\fslsp.dll (F-Secure Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.21 13:34:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.11.29 21:28:49 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Viki\Asztal\OTListIt2.exe
[2009.11.29 21:17:53 | 01,530,776 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Viki\Asztal\daemon4.exe
[2009.11.29 20:53:51 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Viki\Asztal\RootRepeal.exe
[2009.11.29 19:51:26 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009.11.29 19:48:20 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.11.29 19:48:20 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.11.29 19:48:20 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.11.29 19:48:20 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.11.29 19:47:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.11.29 19:46:45 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.11.29 19:18:18 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009.11.15 20:15:52 | 00,000,000 | ---D | C] -- C:\Program Files\NeuroTran
[2009.11.15 18:04:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Viki\Dokumentumok\Output
[2009.11.15 17:42:05 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009.11.15 17:41:58 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009.11.15 17:41:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.11.15 17:39:04 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009.11.15 17:37:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Viki\Application Data\Thinstall
[2009.11.15 17:36:07 | 00,000,000 | ---D | C] -- C:\Program Files\Dokumentum típusok konvertálása
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009.11.29 21:28:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Viki\Asztal\OTListIt2.exe
[2009.11.29 21:27:07 | 00,006,207 | ---- | M] () -- C:\Documents and Settings\Viki\Dokumentumok\Memento.notes
[2009.11.29 21:22:19 | 00,664,064 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.11.29 21:22:18 | 00,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sptd0205.sys
[2009.11.29 21:20:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.29 21:20:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.29 21:20:42 | 00,054,376 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009.11.29 21:19:01 | 06,553,600 | -H-- | M] () -- C:\Documents and Settings\Viki\NTUSER.DAT
[2009.11.29 21:18:55 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Viki\ntuser.ini
[2009.11.29 21:17:56 | 01,530,776 | ---- | M] (DT Soft Ltd.) -- C:\Documents and Settings\Viki\Asztal\daemon4.exe
[2009.11.29 20:54:07 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Viki\Asztal\settings.dat
[2009.11.29 20:53:54 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Viki\Asztal\RootRepeal.exe
[2009.11.29 20:33:53 | 00,077,312 | ---- | M] () -- C:\Documents and Settings\Viki\Asztal\mbr.exe
[2009.11.29 20:32:34 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\Viki\Asztal\Defogger.exe
[2009.11.29 20:29:32 | 00,000,154 | ---- | M] () -- C:\Documents and Settings\Viki\default.pls
[2009.11.29 20:29:32 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.29 20:04:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.11.29 19:51:36 | 00,000,290 | RHS- | M] () -- C:\boot.ini
[2009.11.29 19:45:24 | 03,581,744 | R--- | M] () -- C:\Documents and Settings\Viki\Asztal\ComboFix.exe
[2009.11.29 17:04:04 | 00,058,671 | ---- | M] () -- C:\Documents and Settings\Viki\Dokumentumok\upc smart guard 8_00 - Jelentés ellenőrzésről - 2009_ november 29_ 170243.mht
[2009.11.29 15:27:43 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.11.29 09:30:55 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009.11.29 09:11:22 | 00,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2009.11.28 20:56:32 | 00,235,520 | ---- | M] () -- C:\Documents and Settings\Viki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.26 19:30:38 | 00,001,722 | -H-- | M] () -- C:\Documents and Settings\Viki\Dokumentumok\Default.rdp
[2009.11.15 20:16:54 | 00,000,718 | ---- | M] () -- C:\WINDOWS\win.ini
[2009.11.15 19:22:51 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\iTunes.lnk
[2009.11.15 17:46:13 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Safari.lnk
[2009.11.15 17:39:52 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\QuickTime Player.lnk
[2009.11.14 09:24:10 | 00,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.11.29 20:54:07 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Viki\Asztal\settings.dat
[2009.11.29 20:33:53 | 00,077,312 | ---- | C] () -- C:\Documents and Settings\Viki\Asztal\mbr.exe
[2009.11.29 20:32:33 | 00,050,621 | ---- | C] () -- C:\Documents and Settings\Viki\Asztal\Defogger.exe
[2009.11.29 19:51:35 | 00,000,220 | ---- | C] () -- C:\Boot.bak
[2009.11.29 19:51:31 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009.11.29 19:48:20 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009.11.29 19:48:20 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009.11.29 19:48:20 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009.11.29 19:48:20 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009.11.29 19:48:20 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009.11.29 19:45:24 | 03,581,744 | R--- | C] () -- C:\Documents and Settings\Viki\Asztal\ComboFix.exe
[2009.11.29 17:04:03 | 00,058,671 | ---- | C] () -- C:\Documents and Settings\Viki\Dokumentumok\upc smart guard 8_00 - Jelentés ellenőrzésről - 2009_ november 29_ 170243.mht
[2009.11.15 17:46:13 | 00,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\Safari.lnk
[2009.11.15 17:42:48 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\iTunes.lnk
[2009.11.15 17:39:52 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\QuickTime Player.lnk
[2009.07.28 17:02:12 | 02,119,680 | ---- | C] () -- C:\Documents and Settings\Viki\Local Settings\Application Data\cooliris-win-ie-release-1.11.2.27471.en-US.msi
[2009.07.04 09:41:51 | 02,118,144 | ---- | C] () -- C:\Documents and Settings\Viki\Local Settings\Application Data\cooliris-win-ie-release-1.11.0.26762.en-US.msi
[2009.04.15 17:52:05 | 02,545,152 | ---- | C] () -- C:\Documents and Settings\Viki\Local Settings\Application Data\cooliris-win-ie-release-1.10.0.24532.en-US.msi
[2009.03.08 10:13:35 | 00,240,458 | ---- | C] () -- C:\Documents and Settings\Viki\Application Data\NMM-MetaData.db
[2009.03.01 17:38:26 | 00,000,506 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2009.02.20 16:17:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2009.02.11 19:57:21 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.02.01 10:39:02 | 00,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys
[2009.02.01 10:39:01 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
[2009.01.26 18:53:53 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.01.26 18:53:52 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.01.25 16:16:54 | 02,351,616 | ---- | C] () -- C:\Documents and Settings\Viki\Local Settings\Application Data\cooliris-win-ie-release-1.9.1.17582.msi
[2009.01.24 14:07:46 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2009.01.24 14:07:46 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2009.01.24 13:19:50 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.01.24 12:36:44 | 00,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009.01.21 14:49:56 | 00,000,388 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.01.21 14:46:57 | 00,235,520 | ---- | C] () -- C:\Documents and Settings\Viki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.18 12:47:02 | 00,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2008.06.18 12:46:50 | 00,106,588 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2007.03.29 22:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2003.08.07 13:01:52 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003.04.10 13:01:36 | 00,005,581 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.07.05 15:12:06 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll

========== LOP Check ==========

[2009.01.24 10:57:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2009.10.18 15:48:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2009.01.24 10:57:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009.02.19 16:48:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009.02.11 19:23:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009.05.25 17:17:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.01.31 08:25:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009.11.15 17:42:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.05.07 18:40:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.02.19 16:09:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Viki\Application Data\Audacity
[2009.01.24 12:15:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Viki\Application Data\F-Secure
[2009.11.09 05:52:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Viki\Application Data\Free Download Manager
[2009.03.08 10:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Viki\Application Data\Nokia
[2009.05.07 19:49:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Viki\Application Data\PC Suite
[2009.09.28 17:15:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Viki\Application Data\PhotoFrameShow
[2009.07.20 17:56:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Viki\Application Data\Techno Design IP
[2009.11.15 17:37:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Viki\Application Data\Thinstall
[2009.01.30 19:10:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Viki\Application Data\Uniblue
[2009.11.28 23:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Viki\Application Data\uTorrent
[2009.11.29 09:11:22 | 00,000,536 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job

========== Purity Check ==========


< End of report >

ok,egyelore hagy ugy majd restartolod a vegen a gepet es meglasuk
csinald az OTLIST logot,

Nem tudom a daemont elindítani, ezt írja ki:
Initialization error.
This program requires at least Windows 2000 with SPTD 1.21 or higher.
Kernel debugger must be deactivated.

ok,bekapcsolhatod a DAEMONT visa_futasd a defoggert es klik_reenable
meg ide teszed az OTLIST2 program loglyat
OTListIt2>> OTL
-futasd
bepipazod
-Scan all users.
-Lop check.
-Purity check.
-Extra Registry>bepipazod>Use SafeList
- klik Run SCAN
-ide teszed
-OTL.txt (az asztalon lesz).
-Extras.txt [a talcan lesz]

Remélem így jó!

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/29 20:54
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: mbr.sys
Image Path: C:\DOCUME~1\Viki\LOCALS~1\Temp\mbr.sys
Address: 0xBA4A8000 Size: 20864 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9CFFE000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\program files\checkpoint\securemote\log\sr_service-002692.loginitial_ptr
Status: Size mismatch (API: 1360, Raw: 1356)

Path: c:\program files\checkpoint\securemote\log\sr_service-002692.logptr
Status: Size mismatch (API: 2640, Raw: 2632)

SSDT
-------------------
#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfbc26

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfbc40

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfade4

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfb10c

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfab30

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfb53e

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfc7dc

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfb38e

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfa9b6

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfae18

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfaf92

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfa916

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfaa6c

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfaedc

Shadow SSDT
-------------------
#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Program Files\UPC SmartGuard\HIPS\drivers\fshs.sys" at address 0xb6dfd38e

==EOF==