Eztet??
http://www.majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26

Klikelj ere a linkre es varjal.

threat fire pc tools nagy nehezen letöltöttem,ha jó mást nem engedett letölteni

Eztet:

Nem tudom melyiket,Registri booster2?

Firewall+AV+Antispyware,de a legjob a jozan esz.Nemtoltunk le Cracot,pornot,Semi warez.Tehat a felelet igen.nem.
Meg futasd le azt a programot amit oda tetem es ted ide a logjat

Elvileg sikerült leszednie a programnak,van valami program amivel megelőzhetem(megnehezíthetem ) a rootkitek feltelepülését?

Ez a legkeveseb:
Tolds le az AVANGER progit:
http://swandog46.geekstogo.com/avenger.exe
Futasd>klik>ok>az ures ablakba kopirozd be a piros textet:

Klik> Execute. >YES>Megint >YES.a gep restartol magatol.Ha IE-vagy operat hasznalsz akor nezd meg ha a ketes pontok nemtavolodtak el a sor vegerol igy:Files to delete : es a sorok kozt se szabad nagyobb hezaknak lennie >ezrt beirhatod kezel is a textet>ha igen akor javtsd ki mert hezaknak nemszabad lenie,pontosan ugy nezen ki a text min it a piros text,mert akor az AVANGER HIBAT IR KI.
Aztan futasd le ezt a programot es az eredmenyt ted ide:
http://www.majorgeeks.com/Malwarebytes_ ... d5756.html
Letoltod>Feltelepited>automatikusan kene frisitenie ha nem akor klik>update>Aztan klik>Perform full scan>Aztan bepipazol minden meghajtot ami van>Ha a scen keszlesz akor klik>ok>kinyilik a log eztet ted ide.

Sajna nem találom a kijelölt fileokat,nem tudom visszakeresni,hasonló helyen talál az AVAST rootkitet,esetleg nincs valami program ami kiirtaná?

Eridj a VIrustotalra es teszteld le hogy lasam mirol van szo:
http://www.virustotal.com/hu/

C:\WINDOWS\TEMP\ZUM74.tmp\upgrade.exe
Az eredmenyt ted ide:

Stell mester azt hiszem gáz van,AVAST állandóan jelez egy rootkitet de nem tud vele mit kezdeni,és ha jól láttam a windowsban van,van valami ötleted mivel tudnám leszedni? Nem akartam engedélezni neki az indítás előtti törlést mert a múltkor is kivégezte a winfost.
C:\WINDOWS\TEMP\ZUM74.tmp\upgrade.exe

Szevasz:
Sunez cimbora az a velemenyem hogy csapdd a szemetbe.Mert csinal egy csomo gondot a gepel.

Stell mester ,Trojan Hunter programról véleményed? 2 trójait talált a gépen 7 file-ben.

En nemvagyok benne biztos csak az Avast jelezte ezert irtam hogy van.Ird ide hogy mijen programokal kerested a Rootkitett.
Udv

hello, megint én, képzeld 5 speciálisan rootkitre feljlesztett virusirtót letöltöttem és egyik sem talál semmit és csak azt akarom kérdeni h te biztosra tudod hogy benne van a gépünkbe?
előre is köszi

Ez a gepre bejohetet:
1:WAREZ
2:AZ XP>pirat telepitesel mar rajta van a lemezen.
3:PORNO oldalak.
A legjob virus irto az ESZ manapsag ovatosnak kell lenie az emberne.Az elso amit felkel telepiteni a Tuzfal+Virusirto.
Nincsen mit koszonod ha tudnak akor segitenek,de sajnos ez a hejzet.
UDV

de amugy ez hogy jött fel a gépre?

de télleg nagyon köszike a segitséget

nahh akkor vehetek egy vagyonért az is

Olvastam egy cikben hogy egy MEXIKOI gyereknek kiuritetek a bankszamlajat,ep ijen rootkitel,ujra formazta,es megintcsak kiuritetek,feltett mas op rendszert es ujra feleledt a rootkit.Muszaj volt neki mas Merevlemezet venie.Tehat az esejt nemtudom meg mondani a telepitesnel lekel formazni a lemezet es felrakni az Avastot es ha megint jelzi,akorr baj van.Meglatod,de most jut eszembe hogy mar en is talakoztam evel egy forumon es szinten muszaj volt uj merevlemezet venie a gyereknek,mert ujra eledet a Rootkit.Modjuk hogy 50%-50%

mennyi esélye van hogy ujra éled? most vettük a gépet

Igen muszaj csinalnod vele valamit,de mint mar irtam a ROOTKIT ujraeledhet.

akkor lehet hogy vissza tesszük rá a VISTA-t mert eredetileg az van a géphez

Ezt a ROOTKITET maskep nemlehet eltavolitani .Tehat Van a telepito lemezekbol anyi hogy meg aruljak is Es tanacsolom hogy minel hamarab csinald vagy kapcsold le magad a netrol mert ez igen veszejes ROOTKIT ha van internetbankszamlad akor egyketore kiuritik.

--

nincsen telepito CD-ROM??

--

Beteszed a telepito lemezet es restartolsz>bebootolod es amikor bejon az instalalas menu benyomod a R=REPAIR>vagy J=JAVITAS nemtudom hogy van a magyar windowson.beadod a jelszot>kivalasztod mejik Windowshoz akarsz jelenkezni>es a parancssorba beirodFixmbr.
De figyelmeztetlek hogy felelhet ujra ez a Rootkit.ugyhogy ha ujra eled akorr uj Merevlemez kell es ez megy a szemetbe.

merre felé keressem a konzolt?

A Rootkit a Master Boot recordban van.Tehat igy csinald:
1:Lemesza konzolara es beadod a Fixmbr parancsot
2:Vagy ujra telepited de elkel tavolitanod a particiokat a telepitesnel

hát ha arra gondolsz akkor WINDOWS XP

Ok_Mijen az OP-rendszer??

--

Ird ide mit irt az AVAST mert it ROOtkit nincsen lehet hogy virusok.Ha lehet pontos cimet es a nevet.

--

UDV:
Csomagold ki es ted az asztalra>futasd> gmer.exe. klik SCAN, Bevegzi KLIK COPY es ted ide.+HiJackThis logjat is.
http://www.gmer.net/gmer.zip

ok meg futasd azt a programot es teda logot a privatba

backstage250

Beirtam a privat uzenetbe hogy mit kel csinalnod.
Udv

Azt ne gondold hogy a combofix csodat tesz ez csak az elso lepes volt>latni szeretnem a combofix.txt.Ted a privat uzenetbe.

Sziasztok!

2 napig dolgoztam, így nem volt időm kipróbálni a Combofix-et, de most megtettem. Az IE továbbra is fagy...
Nem lehet, hogy vmi dll vagy más része, 1 vagy több apró file megsérült?

A kapcsolatoknál egész véletlenül nincs bepipálva a "proxykiszolgáló automatikus keresése"? Vedd ki, ha igen. Meg az IE bővítményekbe is bele kéne nézni.

Ok akor Fixeld le a proxit a HHiJackal.

Az IE még mindig fagy...ezt elfelejtettem beírni a log után...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:44, on 2008. 04. 21.
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
D:\Ericsson\BMS3331\Server\bmsService.exe
D:\Ericsson\BMS3331\Server\_jvm\bin\javaw.exe
C:\Program Files\Diva Client\divalog.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINNT\system32\vmnat.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\ATK0100\Hcontrol.exe
C:\WINNT\system32\pctspk.exe
C:\Synaptics\SynTP\SynTPLpr.exe
C:\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\ICO.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINNT\vsnpstd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Diva Client\ditask.exe
C:\Program Files\Diva Client\cgserver.exe
C:\WINNT\ATK0100\ATKOSD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\vmnetdhcp.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\RMClient\PMCTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.12.254:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINNT\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SNPSTD2] C:\WINNT\vsnpstd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DiTask] C:\Program Files\Diva Client\ditask.exe
O4 - HKLM\..\Run: [CallGuard] C:\Program Files\Diva Client\cgserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SmartDeviceMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: &Letöltés a FlashGet-tel - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Minden letöltése a FlashGet-tel - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: BusinessPhone Management Suite (BMSService) - Ericsson Austria GmbH - D:\Ericsson\BMS3331\Server\bmsService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Eicon Diva Log Service (EiconDivaLogService) - Eicon Networks - C:\Program Files\Diva Client\divalog.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe

--
End of file - 8368 bytes

A proxy a céges cucc miatt van/volt de nem sok már a jelentősége.

Ok Tolds le ezt a progit es futasd igy:

http://www.funkytoad.com/download/HostsXpert.zip
Klik a tlačítko Restore MS Hosts File a beleegyezes ok OK .
tanna pucold meg att CCleaneral.


Restart kiprobalni es megirni mivan.Restart es uj log.
Rz a PROXY direct van e??Settings,ProxyServer = 192.168.12.254:3128

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:32, on 2008. 04. 21.
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
D:\Ericsson\BMS3331\Server\bmsService.exe
D:\Ericsson\BMS3331\Server\_jvm\bin\javaw.exe
C:\Program Files\Diva Client\divalog.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINNT\system32\vmnat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\vmnetdhcp.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\ATK0100\Hcontrol.exe
C:\WINNT\system32\pctspk.exe
C:\Synaptics\SynTP\SynTPLpr.exe
C:\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\ICO.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINNT\vsnpstd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Diva Client\ditask.exe
C:\Program Files\Diva Client\cgserver.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINNT\ATK0100\ATKOSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\RMClient\PMCTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.12.254:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINNT\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SNPSTD2] C:\WINNT\vsnpstd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DiTask] C:\Program Files\Diva Client\ditask.exe
O4 - HKLM\..\Run: [CallGuard] C:\Program Files\Diva Client\cgserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SmartDeviceMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: &Letöltés a FlashGet-tel - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Minden letöltése a FlashGet-tel - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: BusinessPhone Management Suite (BMSService) - Ericsson Austria GmbH - D:\Ericsson\BMS3331\Server\bmsService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Eicon Diva Log Service (EiconDivaLogService) - Eicon Networks - C:\Program Files\Diva Client\divalog.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe

--
End of file - 8367 bytes


és megvolt a Messengerplus leinstall meg a reboot is...

Ok ezt a programot szed le a geprol.
C:\Program Files\MessengerPlus! 3\MsgPlus.exe"=ADWARE

Fixeld le a HIJACK progival> netevedj.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

Restart es adjal ide uj Logot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:58, on 2008. 04. 21.
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
D:\Ericsson\BMS3331\Server\bmsService.exe
D:\Ericsson\BMS3331\Server\_jvm\bin\javaw.exe
C:\Program Files\Diva Client\divalog.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINNT\system32\vmnat.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\ATK0100\Hcontrol.exe
C:\WINNT\system32\pctspk.exe
C:\Synaptics\SynTP\SynTPLpr.exe
C:\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\ICO.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINNT\vsnpstd2.exe
C:\WINNT\ATK0100\ATKOSD.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Diva Client\ditask.exe
C:\WINNT\system32\vmnetdhcp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\RMClient\PMCTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
D:\TheBat\thebat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.12.254:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINNT\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINNT\vsnpstd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DiTask] C:\Program Files\Diva Client\ditask.exe
O4 - HKLM\..\Run: [CallGuard] C:\Program Files\Diva Client\cgserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SmartDeviceMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: &Letöltés a FlashGet-tel - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Minden letöltése a FlashGet-tel - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: BusinessPhone Management Suite (BMSService) - Ericsson Austria GmbH - D:\Ericsson\BMS3331\Server\bmsService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Eicon Diva Log Service (EiconDivaLogService) - Eicon Networks - C:\Program Files\Diva Client\divalog.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe

--
End of file - 9329 bytes

sunez
ha megvan a másodlagos bejelentkezés szolgáltatás. arra rálépve (két katt), találsz olyan, hogy "indítás típus", azt állítsd át automatikusra, alatta meg az indítás gombbal elindítod és elvileg onnantól müxik...