Terminál Fórum https://forum.technokrata.hu/forum/ |
|
Virus or what could it be??? https://forum.technokrata.hu/forum/viewtopic.php?f=15&t=20774 |
Page: 8 / 35 |
Author: | stell [ Sat Mar 19, 2011 14:46 ] |
Post subject: | Re: Virus or what could it be??? |
In my opinion the machine is in perfect order; there is no other user or backdoor here, but for safety's sake run the AVPTOOL program, and then, if there is an infection, post what it found here. http://www.virus-stell.com/2010/04/avptool.html |
Author: | sheriff80 [ Sat Mar 19, 2011 14:43 ] |
Post subject: | Re: Virus or what could it be??? |
All processes killed
========== OTL ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Kornél
->Temp folder emptied: 36526 bytes
->Temporary Internet Files folder emptied: 11038953 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1167 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4798 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 11,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 03192011_143933
Files\Folders moved on Reboot...
C:\Users\Kornél\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\F25D52F9-6D8B-4D32-BD36-023EC134A413.dat moved successfully.
C:\Users\Kornél\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCUQ6KHN\ie7[1].css moved successfully.
C:\Users\Kornél\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FI4FL0F4\viewtopic[1].htm moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot... |
Author: | stell [ Sat Mar 19, 2011 14:29 ] |
Post subject: | Re: Virus or what could it be??? |
Copy this into the lower window, then click RUN FIX and post the log here.
:OTL
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[start explorer]
[Reboot] |
Author: | sheriff80 [ Sat Mar 19, 2011 14:14 ] |
Post subject: | Re: Virus or what could it be??? |
OTL.txt: 2/2 |
Author: | sheriff80 [ Sat Mar 19, 2011 14:13 ] |
Post subject: | Re: Virus or what could it be??? |
OTL.txt: 1/2
[2011.03.15 21:09:46 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Nvu [2011.03.15 21:09:46 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Mozilla [2011.03.15 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu [2011.03.15 21:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Nvu [2011.03.15 21:08:02 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Nero [2011.03.15 21:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Nero [2011.03.15 21:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2011.03.15 21:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero [2011.03.15 18:50:01 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Macromedia [2011.03.15 18:49:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2011.03.15 18:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool [2011.03.15 18:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2011.03.15 18:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.03.15 18:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2011.03.15 18:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.03.15 18:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2011.03.15 18:33:11 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.03.15 18:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2011.03.15 18:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011.03.15 18:31:58 | 000,000,000 | R--D | C] -- C:\MSOCache [2011.03.15 18:28:39 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) 
-- C:\Windows\System32\drivers\sptd.sys [2011.03.15 18:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2011.03.15 18:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2011.03.15 18:27:58 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\DAEMON Tools Lite [2011.03.15 18:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2011.03.15 18:20:50 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView [2011.03.15 18:20:43 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\IrfanView [2011.03.15 18:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView [2011.03.15 18:17:59 | 000,000,000 | ---D | C] -- C:\Users\Kornél\Documents\CyberLink [2011.03.15 18:17:58 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\CyberLink [2011.03.15 18:17:56 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD Ultra 10 [2011.03.15 18:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2011.03.15 18:16:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10 [2011.03.15 18:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink [2011.03.15 18:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2011.03.15 18:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter [2011.03.15 18:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter [2011.03.15 18:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent [2011.03.15 18:05:56 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\uTorrent [2011.03.15 18:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs [2011.03.15 18:05:20 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Win7codecs [2011.03.15 18:05:14 | 
000,000,000 | ---D | C] -- C:\Program Files\Win7codecs [2011.03.15 18:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Win7codecs [2011.03.15 18:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.03.15 18:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011.03.15 18:02:23 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citro Ticker [2011.03.15 18:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Citro Ticker [2011.03.15 18:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.03.15 18:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.03.15 18:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\VobBlanker_2130 [2011.03.15 18:00:43 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\WinRAR [2011.03.15 18:00:12 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.03.15 18:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.03.15 18:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2011.03.15 17:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WAV to AC3 Encoder (Win32 Unicode) [2011.03.15 17:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\WAV to AC3 Encoder (Win32 Unicode) [2011.03.15 17:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirtualDub 1.7.8 [2011.03.15 17:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDub 1.7.8 [2011.03.15 17:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\River Past G4 [2011.03.15 17:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\River Past [2011.03.15 17:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\River Past [2011.03.15 17:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\River Past [2011.03.15 17:58:15 | 000,000,000 | 
---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PgcDemux 1205 [2011.03.15 17:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\PgcDemux 1205 [2011.03.15 17:57:49 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IfoEdit v0.971 hu [2011.03.15 17:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\IfoEdit [2011.03.15 17:57:12 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\URUSoft [2011.03.15 17:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft [2011.03.15 17:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\URUSoft [2011.03.15 17:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink [2011.03.15 17:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink [2011.03.15 17:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink [2011.03.15 17:52:47 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Syntrillium [2011.03.15 17:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Edit Pro 2.1 [2011.03.15 17:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\coolpro2 [2011.03.15 17:49:28 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Vso [2011.03.15 17:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO [2011.03.15 17:49:14 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll [2011.03.15 17:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\VSO [2011.03.15 17:48:16 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Adobe [2011.03.15 17:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011.03.15 17:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2011.03.15 17:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011.03.15 17:43:52 | 000,000,000 | ---D | C] -- C:\Users\Kornél\Desktop\Audió 
& Videó [2011.03.15 17:27:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM [2011.03.15 17:27:07 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll [2011.03.15 17:27:07 | 001,738,072 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll [2011.03.15 17:27:07 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll [2011.03.15 17:27:07 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll [2011.03.15 17:27:07 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll [2011.03.15 17:27:07 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll [2011.03.15 17:27:06 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll [2011.03.15 17:27:06 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll [2011.03.15 17:27:06 | 000,214,352 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFNHK.dll [2011.03.15 17:27:06 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll [2011.03.15 17:27:06 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll [2011.03.15 17:27:06 | 000,073,552 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFCOM.dll [2011.03.15 17:27:06 | 000,068,944 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFAPO.dll [2011.03.15 17:27:06 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll [2011.03.15 17:27:05 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2011.03.15 17:27:05 | 001,316,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll [2011.03.15 17:27:05 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll [2011.03.15 17:27:05 | 000,253,784 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\System32\MaxxAudioAPO30.dll [2011.03.15 17:27:05 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll [2011.03.15 17:27:05 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll [2011.03.15 17:27:05 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll [2011.03.15 17:27:04 | 001,131,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll [2011.03.15 17:27:04 | 000,961,296 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll [2011.03.15 17:27:04 | 000,900,368 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll [2011.03.15 17:27:04 | 000,448,272 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll [2011.03.15 17:27:04 | 000,427,792 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll [2011.03.15 17:27:04 | 000,405,776 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll [2011.03.15 17:27:04 | 000,299,424 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2011.03.15 17:27:04 | 000,290,064 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll [2011.03.15 17:27:04 | 000,235,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll [2011.03.15 17:27:04 | 000,223,504 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll [2011.03.15 17:27:04 | 000,104,672 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll [2011.03.15 17:27:04 | 000,104,672 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll [2011.03.15 17:27:04 | 000,104,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll [2011.03.15 17:27:04 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2011.03.15 17:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2011.03.15 17:26:59 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp [2011.03.15 17:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2011.03.15 17:26:29 | 000,000,000 | 
---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2011.03.15 17:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2011.03.15 17:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2011.03.15 17:24:39 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2011.03.15 17:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2011.03.15 17:23:19 | 000,000,000 | ---D | C] -- C:\NVIDIA [2011.03.15 17:18:18 | 000,101,976 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys [2011.03.15 17:18:18 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011.03.15 17:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security [2011.03.15 17:18:17 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011.03.15 17:18:10 | 000,192,728 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys [2011.03.15 17:18:10 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011.03.15 17:18:09 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011.03.15 17:18:09 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011.03.15 17:18:08 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011.03.15 17:17:44 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011.03.15 17:17:39 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011.03.15 17:17:39 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys [2011.03.15 17:17:38 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011.03.15 17:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011.03.15 17:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software 
[2011.03.15 17:14:25 | 000,000,000 | ---D | C] -- C:\totalcmd [2011.03.15 17:14:25 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander [2011.03.15 17:14:25 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\GHISLER [2011.03.15 17:03:27 | 000,000,000 | R--D | C] -- C:\Users\Kornél\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.03.15 17:03:27 | 000,000,000 | R--D | C] -- C:\Users\Kornél\Searches [2011.03.15 17:03:27 | 000,000,000 | R--D | C] -- C:\Users\Kornél\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.03.15 17:03:27 | 000,000,000 | -H-D | C] -- C:\Users\Kornél\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2011.03.15 17:03:18 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Identities [2011.03.15 17:03:16 | 000,000,000 | R--D | C] -- C:\Users\Kornél\Contacts [2011.03.15 17:03:10 | 000,000,000 | --SD | C] -- C:\Users\Kornél\AppData\Roaming\Microsoft [2011.03.15 17:03:10 | 000,000,000 | R--D | C] -- C:\Users\Kornél\Videos [2011.03.15 17:03:10 | 000,000,000 | R--D | C] -- C:\Users\Kornél\Saved Games [2011.03.15 17:03:10 | 000,000,000 | R--D | C] -- C:\Users\Kornél\Pictures [2011.03.15 17:03:10 | 000,000,000 | R--D | C] -- C:\Users\Kornél\Music [2011.03.15 17:03:10 | 000,000,000 | R--D | C] -- C:\Users\Kornél\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.03.15 17:03:10 | 000,000,000 | R--D | C] -- C:\Users\Kornél\Links [2011.03.15 17:03:10 | 000,000,000 | R--D | C] -- C:\Users\Kornél\Favorites [2011.03.15 17:03:10 | 000,000,000 | R--D | C] -- C:\Users\Kornél\Downloads [2011.03.15 17:03:10 | 000,000,000 | R--D | C] -- C:\Users\Kornél\Documents [2011.03.15 17:03:10 | 000,000,000 | R--D | C] -- C:\Users\Kornél\Desktop [2011.03.15 17:03:10 | 000,000,000 | R--D | C] -- C:\Users\Kornél\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.03.15 17:03:10 | 000,000,000 
| -HSD | C] -- C:\Users\Kornél\Documents\Zene [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\Documents\Videók [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\AppData\Local\Temporary Internet Files [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\Start Menu [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\SendTo [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\Sablonok [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\Recent [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\PrintHood [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\NetHood [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\Local Settings [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\Documents\Képek [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\AppData\Local\History [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\Dokumentumok [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\Cookies [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\Application Data [2011.03.15 17:03:10 | 000,000,000 | -HSD | C] -- C:\Users\Kornél\AppData\Local\Application Data [2011.03.15 17:03:10 | 000,000,000 | -H-D | C] -- C:\Users\Kornél\AppData [2011.03.15 17:03:10 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Local\Temp [2011.03.15 17:03:10 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Local\Microsoft [2011.03.15 17:03:10 | 000,000,000 | ---D | C] -- C:\Users\Kornél\AppData\Roaming\Media Center Programs [2011.03.15 17:02:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Zene [2011.03.15 17:02:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Videók [2011.03.15 17:02:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Sablonok [2011.03.15 17:02:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Képek [2011.03.15 17:02:59 | 000,000,000 | -HSD | C] -- 
C:\ProgramData\Dokumentumok [2011.03.15 17:02:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Asztal [2011.03.15 17:02:59 | 000,000,000 | ---D | C] -- C:\Recovery [2011.03.15 15:49:40 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011.03.15 15:47:23 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011.03.15 15:46:43 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011.03.15 15:45:49 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010.02.03 23:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll ========== Files - Modified Within 7 Days ========== [2011.03.19 13:59:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.19 13:59:48 | 1610,113,024 | -HS- | M] () -- C:\hiberfil.sys [2011.03.19 12:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kornél\Desktop\OTL.exe [2011.03.19 11:58:24 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kornél\Desktop\tdsskiller.exe [2011.03.19 11:21:18 | 000,301,568 | ---- | M] () -- C:\Users\Kornél\Desktop\1fk1ppwi.exe [2011.03.19 09:57:52 | 004,290,961 | R--- | M] () -- C:\Users\Kornél\Desktop\ComboFix.exe [2011.03.19 08:41:35 | 000,431,212 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.03.19 08:39:36 | 000,001,216 | ---- | M] () -- C:\Users\Kornél\Desktop\Spybot - Search & Destroy.lnk [2011.03.19 08:22:09 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.19 08:22:09 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.19 08:19:18 | 000,640,158 | ---- | M] () -- C:\Windows\System32\perfh00E.dat [2011.03.19 08:19:18 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.19 08:19:18 | 000,148,262 | ---- | M] () -- C:\Windows\System32\perfc00E.dat [2011.03.19 08:19:18 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.17 23:38:58 | 
000,001,533 | ---- | M] () -- C:\Users\Kornél\Desktop\NeroRecode parancsikonja.lnk [2011.03.17 23:08:10 | 000,000,241 | ---- | M] () -- C:\Windows\IfoEdit.INI [2011.03.17 07:18:10 | 000,001,057 | ---- | M] () -- C:\Users\Kornél\AppData\Roaming\vso_ts_preview.xml [2011.03.16 12:24:16 | 000,002,116 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk [2011.03.16 12:24:16 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\InterVideo WinDVR 3.lnk [2011.03.16 11:46:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.03.15 21:09:44 | 000,000,851 | ---- | M] () -- C:\Users\Kornél\Desktop\Nvu.lnk [2011.03.15 21:08:01 | 000,002,419 | ---- | M] () -- C:\Users\Kornél\Desktop\Nero Express.lnk [2011.03.15 18:48:27 | 000,001,433 | ---- | M] () -- C:\Users\Kornél\Desktop\Internet Explorer.lnk [2011.03.15 18:48:27 | 000,001,427 | ---- | M] () -- C:\Users\Kornél\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011.03.15 18:44:13 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.03.15 18:39:19 | 000,286,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.03.15 18:34:50 | 000,000,382 | ---- | M] () -- C:\Windows\ODBC.INI [2011.03.15 18:17:56 | 000,097,059 | ---- | M] () -- C:\Windows\CyberLink PowerDVD Ultra 10 Uninstaller.exe [2011.03.15 18:16:47 | 000,002,152 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk [2011.03.15 18:06:24 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2011.03.15 18:02:23 | 000,001,887 | ---- | M] () -- C:\Users\Kornél\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citro Ticker.lnk [2011.03.15 18:02:23 | 000,001,875 | ---- | M] () -- C:\Users\Kornél\Application Data\Microsoft\Internet Explorer\Quick Launch\Citro Ticker.lnk [2011.03.15 17:58:34 | 000,161,496 | ---- | M] () -- C:\Windows\Audio Converter Pro Uninstaller.exe 
[2011.03.15 17:18:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011.03.15 17:14:26 | 000,000,632 | ---- | M] () -- C:\Users\Kornél\Desktop\Total Commander.lnk [2011.03.15 15:49:46 | 000,224,133 | ---- | M] () -- C:\Windows\System32\license.rtf ========== Files Created - No Company Name ========== [2011.03.19 11:21:18 | 000,301,568 | ---- | C] () -- C:\Users\Kornél\Desktop\1fk1ppwi.exe [2011.03.19 10:02:58 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.03.19 10:02:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.03.19 10:02:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.03.19 10:02:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.03.19 10:02:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.03.19 09:57:24 | 004,290,961 | R--- | C] () -- C:\Users\Kornél\Desktop\ComboFix.exe [2011.03.19 08:39:36 | 000,001,216 | ---- | C] () -- C:\Users\Kornél\Desktop\Spybot - Search & Destroy.lnk [2011.03.17 23:38:58 | 000,001,533 | ---- | C] () -- C:\Users\Kornél\Desktop\NeroRecode parancsikonja.lnk [2011.03.16 12:24:16 | 000,002,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk [2011.03.16 12:24:16 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\InterVideo WinDVR 3.lnk [2011.03.16 12:24:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2011.03.16 12:24:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2011.03.16 12:24:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2011.03.16 12:24:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2011.03.16 12:24:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2011.03.16 12:24:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2011.03.16 11:46:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.03.15 21:34:17 | 000,001,404 | 
---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2011.03.15 21:09:44 | 000,000,851 | ---- | C] () -- C:\Users\Kornél\Desktop\Nvu.lnk [2011.03.15 21:08:44 | 000,002,419 | ---- | C] () -- C:\Users\Kornél\Desktop\Nero Express.lnk [2011.03.15 18:49:30 | 000,001,433 | ---- | C] () -- C:\Users\Kornél\Desktop\Internet Explorer.lnk [2011.03.15 18:44:13 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.03.15 18:34:49 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI [2011.03.15 18:17:56 | 000,097,059 | ---- | C] () -- C:\Windows\CyberLink PowerDVD Ultra 10 Uninstaller.exe [2011.03.15 18:16:47 | 000,002,152 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk [2011.03.15 18:06:24 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2011.03.15 18:02:23 | 000,001,887 | ---- | C] () -- C:\Users\Kornél\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citro Ticker.lnk [2011.03.15 18:02:23 | 000,001,875 | ---- | C] () -- C:\Users\Kornél\Application Data\Microsoft\Internet Explorer\Quick Launch\Citro Ticker.lnk [2011.03.15 17:58:34 | 000,161,496 | ---- | C] () -- C:\Windows\Audio Converter Pro Uninstaller.exe [2011.03.15 17:58:04 | 000,000,241 | ---- | C] () -- C:\Windows\IfoEdit.INI [2011.03.15 17:49:29 | 000,001,057 | ---- | C] () -- C:\Users\Kornél\AppData\Roaming\vso_ts_preview.xml [2011.03.15 17:47:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.03.15 17:24:39 | 000,004,756 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2011.03.15 17:14:26 | 000,000,632 | ---- | C] () -- C:\Users\Kornél\Desktop\Total Commander.lnk [2011.03.15 17:14:25 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF [2011.03.15 17:14:25 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF [2011.03.15 17:14:25 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF [2011.03.15 17:14:25 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF 
[2011.03.15 17:14:25 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF [2011.03.15 17:14:25 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF [2011.03.15 17:14:25 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF [2011.03.15 17:09:15 | 000,001,427 | ---- | C] () -- C:\Users\Kornél\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011.03.15 17:03:28 | 000,001,433 | ---- | C] () -- C:\Users\Kornél\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.03.15 17:03:10 | 000,000,290 | ---- | C] () -- C:\Users\Kornél\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2011.03.15 17:03:10 | 000,000,272 | ---- | C] () -- C:\Users\Kornél\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2011.03.15 15:49:32 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011.03.15 15:49:25 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011.03.15 15:46:43 | 1610,113,024 | -HS- | C] () -- C:\hiberfil.sys [2010.12.29 01:23:14 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.11.21 14:28:50 | 000,640,158 | ---- | C] () -- C:\Windows\System32\perfh00E.dat [2010.11.21 14:28:50 | 000,287,518 | ---- | C] () -- C:\Windows\System32\perfi00E.dat [2010.11.21 14:28:50 | 000,148,262 | ---- | C] () -- C:\Windows\System32\perfc00E.dat [2010.11.21 14:28:50 | 000,048,094 | ---- | C] () -- C:\Windows\System32\perfd00E.dat [2010.06.23 11:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.06.23 11:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.03.15 04:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,286,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 
|
Author: | sheriff80 [ Sat Mar 19, 2011 14:11 ] |
Post subject: | Re: Virus, or what could it be??? |
Well, this way it was ****. The result. Extras.txt: |
Author: | stell [ Sat Mar 19, 2011 13:56 ] |
Post subject: | Re: Virus, or what could it be??? |
Go into safe mode with networking >> and do it there. |
Author: | sheriff80 [ Sat Mar 19, 2011 13:53 ] |
Post subject: | Re: Virus, or what could it be??? |
It's still the same. It doesn't do it. Any ideas? Couldn't that rotten trojan be wiped out somehow? |
Author: | stell [ Sat Mar 19, 2011 13:33 ] |
Post subject: | Re: Virus, or what could it be??? |
Yes, put this blue text into the lower window and click RUNSCAN
netsvcs drivers32 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s c:\windows\*.* /U %SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys mv61xx.sys nvraid.sys ndis.sys winlogon.exe explorer.exe userinit.exe lsass.exe svchost.exe smss.exe hal.dll ws2_32.dll tcpip.sys cryptsvc.dll Changer.sys JakNDis.sys isapnp.sys cdrom.sys autochk.exe /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c %systemroot%\system32\drivers\*.sys /3 %systemroot%\system32\*.* /3 CREATERESTOREPOINT |
Author: | sheriff80 [ Sat Mar 19, 2011 13:26 ] |
Post subject: | Re: Virus, or what could it be??? |
Should I paste in the code that you sent? |
Author: | stell [ Sat Mar 19, 2011 13:20 ] |
Post subject: | Re: Virus, or what could it be??? |
Well, because you are doing something wrong. Open the OTL program, tick the items that have a BLUE label, and leave the rest as they are. Click Code: Select all and paste it into the lower window. Then just click the button >> labelled >> RUNSCAN > and wait for the logs. |
Author: | sheriff80 [ Sat Mar 19, 2011 12:57 ] |
Post subject: | Re: Virus, or what could it be??? |
Something is not OK. Where is that v section, and what text should I put into its window? There are 6 of these (Use SafeList), and all of them are ticked, and there is a window at the bottom where you can type. I pasted into it what you clipped in here below your previous message. Is that what this is about? If so, then something is not working properly, because it does not create the txt files you mentioned; instead it prints the following: Cannot create file C:\Users\Kornél\Desktop\cmd.bat. Any thoughts? |
Author: | stell [ Sat Mar 19, 2011 12:06 ] |
Post subject: | Re: Virus, or what could it be??? |
Yes, this is fine too, so the last scan can come > Download to the desktop > OTListIt2 >> http://oldtimer.geekstogo.com/OTL.exe
- Run it
- change file age from 30 > to 7 days.
- tick
- Scan all users.
- Lop check.
- Purity check.
- in the v section Extra Registry > select > Use SafeList
- into its window
- customscan/fixes paste the text
- and click RUNSCAN
- after 5-10 minutes post the logs here
- OTL.txt (it will be on the desktop).
- extras.txt - it will be on the taskbar.
Code:
netsvcs drivers32 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s c:\windows\*.* /U %SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys mv61xx.sys nvraid.sys ndis.sys winlogon.exe explorer.exe userinit.exe lsass.exe svchost.exe smss.exe hal.dll ws2_32.dll tcpip.sys cryptsvc.dll Changer.sys JakNDis.sys isapnp.sys cdrom.sys autochk.exe /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c %systemroot%\system32\drivers\*.sys /3 %systemroot%\system32\*.* /3 CREATERESTOREPOINT |
Author: | sheriff80 [ Sat Mar 19, 2011 12:00 ] |
Post subject: | Re: Virus, or what could it be??? |
Report:
3688 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys 2011/03/19 11:59:20.0521 3688 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/03/19 11:59:20.0568 3688 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/03/19 11:59:20.0615 3688 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 2011/03/19 11:59:20.0646 3688 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/03/19 11:59:20.0677 3688 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/03/19 11:59:20.0708 3688 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/03/19 11:59:20.0724 3688 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/03/19 11:59:20.0755 3688 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 2011/03/19 11:59:20.0771 3688 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/03/19 11:59:20.0802 3688 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 2011/03/19 11:59:20.0865 3688 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys 2011/03/19 11:59:20.0880 3688 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/03/19 11:59:20.0912 3688 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/03/19 11:59:20.0974 3688 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys 2011/03/19 11:59:21.0021 3688 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/03/19 11:59:21.0255 3688 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/03/19 11:59:21.0458 3688 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys 2011/03/19 
11:59:21.0490 3688 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys 2011/03/19 11:59:21.0537 3688 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 2011/03/19 11:59:21.0552 3688 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 2011/03/19 11:59:21.0599 3688 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys 2011/03/19 11:59:21.0615 3688 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 2011/03/19 11:59:21.0646 3688 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys 2011/03/19 11:59:21.0677 3688 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 2011/03/19 11:59:21.0708 3688 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 2011/03/19 11:59:21.0740 3688 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys 2011/03/19 11:59:21.0755 3688 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/03/19 11:59:21.0787 3688 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/03/19 11:59:21.0880 3688 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/03/19 11:59:21.0912 3688 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys 2011/03/19 11:59:21.0958 3688 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/03/19 11:59:22.0005 3688 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys 2011/03/19 11:59:22.0052 3688 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys 2011/03/19 11:59:22.0068 3688 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/03/19 11:59:22.0099 3688 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 
2011/03/19 11:59:22.0146 3688 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/03/19 11:59:22.0193 3688 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/03/19 11:59:22.0224 3688 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/03/19 11:59:22.0240 3688 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/03/19 11:59:22.0255 3688 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 2011/03/19 11:59:22.0287 3688 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys 2011/03/19 11:59:22.0318 3688 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/03/19 11:59:22.0365 3688 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/03/19 11:59:22.0396 3688 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/03/19 11:59:22.0412 3688 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys 2011/03/19 11:59:22.0443 3688 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 2011/03/19 11:59:22.0505 3688 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/03/19 11:59:22.0552 3688 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys 2011/03/19 11:59:22.0583 3688 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 2011/03/19 11:59:22.0630 3688 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 2011/03/19 11:59:22.0677 3688 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/03/19 11:59:22.0724 3688 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/03/19 11:59:22.0755 3688 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) 
C:\Windows\system32\DRIVERS\serial.sys 2011/03/19 11:59:22.0787 3688 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys 2011/03/19 11:59:22.0818 3688 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 2011/03/19 11:59:22.0849 3688 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 2011/03/19 11:59:22.0865 3688 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 2011/03/19 11:59:22.0880 3688 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys 2011/03/19 11:59:22.0912 3688 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 2011/03/19 11:59:22.0943 3688 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys 2011/03/19 11:59:22.0974 3688 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys 2011/03/19 11:59:23.0005 3688 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/03/19 11:59:23.0052 3688 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/03/19 11:59:23.0146 3688 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/03/19 11:59:23.0146 3688 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: cdddec541bc3c96f91ecb48759673505 2011/03/19 11:59:23.0146 3688 sptd - detected Locked file (1) 2011/03/19 11:59:23.0177 3688 srv (112127c3b2e64d7680cc39cd0a39dd7e) C:\Windows\system32\DRIVERS\srv.sys 2011/03/19 11:59:23.0208 3688 srv2 (e5dd784a4ee5ebc72a86c677c988fcdb) C:\Windows\system32\DRIVERS\srv2.sys 2011/03/19 11:59:23.0224 3688 srvnet (cdbe627e16cc9e98f343d73f8e81d258) C:\Windows\system32\DRIVERS\srvnet.sys 2011/03/19 11:59:23.0271 3688 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys 2011/03/19 11:59:23.0302 3688 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2011/03/19 11:59:23.0380 3688 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys 2011/03/19 11:59:23.0458 3688 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys 2011/03/19 11:59:23.0490 3688 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/03/19 11:59:23.0521 3688 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 2011/03/19 11:59:23.0552 3688 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 2011/03/19 11:59:23.0568 3688 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 2011/03/19 11:59:23.0583 3688 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys 2011/03/19 11:59:23.0646 3688 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/03/19 11:59:23.0662 3688 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 2011/03/19 11:59:23.0693 3688 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys 2011/03/19 11:59:23.0724 3688 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 2011/03/19 11:59:23.0740 3688 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys 2011/03/19 
11:59:23.0771 3688 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 2011/03/19 11:59:23.0818 3688 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 2011/03/19 11:59:23.0849 3688 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys 2011/03/19 11:59:23.0880 3688 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys 2011/03/19 11:59:23.0896 3688 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys 2011/03/19 11:59:23.0927 3688 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 2011/03/19 11:59:23.0943 3688 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\DRIVERS\usbehci.sys 2011/03/19 11:59:23.0974 3688 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\DRIVERS\usbhub.sys 2011/03/19 11:59:24.0005 3688 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys 2011/03/19 11:59:24.0037 3688 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys 2011/03/19 11:59:24.0052 3688 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/03/19 11:59:24.0068 3688 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/03/19 11:59:24.0099 3688 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 2011/03/19 11:59:24.0130 3688 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/03/19 11:59:24.0146 3688 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/03/19 11:59:24.0193 3688 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 2011/03/19 11:59:24.0224 3688 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 2011/03/19 11:59:24.0240 3688 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys 
2011/03/19 11:59:24.0271 3688 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 2011/03/19 11:59:24.0302 3688 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 2011/03/19 11:59:24.0318 3688 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/03/19 11:59:24.0349 3688 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 2011/03/19 11:59:24.0380 3688 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys 2011/03/19 11:59:24.0396 3688 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2011/03/19 11:59:24.0443 3688 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys 2011/03/19 11:59:24.0474 3688 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 2011/03/19 11:59:24.0490 3688 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 2011/03/19 11:59:24.0537 3688 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys 2011/03/19 11:59:24.0568 3688 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/03/19 11:59:24.0630 3688 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/03/19 11:59:24.0662 3688 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/03/19 11:59:24.0740 3688 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 2011/03/19 11:59:24.0802 3688 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/03/19 11:59:24.0849 3688 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 2011/03/19 11:59:24.0880 3688 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/03/19 11:59:24.0990 3688 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} 
(74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl 2011/03/19 11:59:25.0068 3688 ================================================================================ 2011/03/19 11:59:25.0068 3688 Scan finished 2011/03/19 11:59:25.0068 3688 ================================================================================ 2011/03/19 11:59:25.0083 3136 Detected object count: 1 2011/03/19 11:59:34.0896 3136 Locked file(sptd) - User select action: Skip |
Author: | stell [ Sat Mar 19, 2011 11:54 ] |
Post subject: | Re: Virus, or what could it be??? |
OK, so far everything is fine; as far as I can see, the modification was made only by Daemon Tools. But also run TDSSKiller: http://www.virus-stell.com/2010/08/root ... -tdl3.html If this check also comes out fine, then we will run just one more program. |
Author: | sheriff80 [ Sat Mar 19, 2011 11:45 ] |
Post subject: | Re: Virus, or what could it be??? |
2/2: |
Author: | sheriff80 [ Sat Mar 19, 2011 11:44 ] |
Post subject: | Re: Virus, or what could it be??? |
The result, in 2 parts: 1/2: GMER 1.0.15.15565 - http://www.gmer.net Rootkit scan 2011-03-19 11:41:25 Windows 6.1.7601 Service Pack 1
ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0006006C .text C:\Windows\System32\svchost.exe[956] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00060030 .text C:\Windows\System32\svchost.exe[956] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00A90120 .text C:\Windows\System32\svchost.exe[956] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 00A9006C .text C:\Windows\System32\svchost.exe[956] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 00A900E4 .text C:\Windows\System32\svchost.exe[956] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00A90030 .text C:\Windows\System32\svchost.exe[956] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 00A900A8 .text C:\Windows\System32\svchost.exe[1016] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0006006C .text C:\Windows\System32\svchost.exe[1016] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00060030 .text C:\Windows\System32\svchost.exe[1016] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00A10120 .text C:\Windows\System32\svchost.exe[1016] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 00A1006C .text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 00A100E4 .text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00A10030 .text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 00A100A8 .text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00F00120 .text C:\Windows\system32\svchost.exe[1044] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 00F0006C .text C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 00F000E4 .text C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00F00030 .text 
C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 00F000A8 .text C:\Windows\system32\nvvsvc.exe[1152] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0016006C .text C:\Windows\system32\nvvsvc.exe[1152] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00160030 .text C:\Windows\system32\nvvsvc.exe[1152] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 001F0120 .text C:\Windows\system32\nvvsvc.exe[1152] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 001F006C .text C:\Windows\system32\nvvsvc.exe[1152] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 001F00E4 .text C:\Windows\system32\nvvsvc.exe[1152] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 001F0030 .text C:\Windows\system32\nvvsvc.exe[1152] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 001F00A8 .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00970120 .text C:\Windows\system32\svchost.exe[1192] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 0097006C .text C:\Windows\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 009700E4 .text C:\Windows\system32\svchost.exe[1192] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00970030 .text C:\Windows\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 009700A8 .text C:\Windows\system32\winlogon.exe[1328] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0003006C .text C:\Windows\system32\winlogon.exe[1328] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00030030 .text C:\Windows\system32\winlogon.exe[1328] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 000C0120 .text C:\Windows\system32\winlogon.exe[1328] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 000C006C .text C:\Windows\system32\winlogon.exe[1328] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 
000C00E4 .text C:\Windows\system32\winlogon.exe[1328] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 000C0030 .text C:\Windows\system32\winlogon.exe[1328] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 000C00A8 .text C:\Windows\system32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[1336] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 01400120 .text C:\Windows\system32\svchost.exe[1336] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 0140006C .text C:\Windows\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 014000E4 .text C:\Windows\system32\svchost.exe[1336] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 01400030 .text C:\Windows\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 014000A8 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1424] kernel32.dll!SetUnhandledExceptionFilter 76B23D01 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[1580] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0015006C .text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[1580] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00150030 .text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[1580] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 001E0120 .text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[1580] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 001E006C .text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[1580] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 001E00E4 .text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[1580] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 001E0030 .text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[1580] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 001E00A8 .text C:\Windows\system32\taskhost.exe[1620] 
ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0005006C .text C:\Windows\system32\taskhost.exe[1620] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00050030 .text C:\Windows\system32\taskhost.exe[1620] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 000E0120 .text C:\Windows\system32\taskhost.exe[1620] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 000E006C .text C:\Windows\system32\taskhost.exe[1620] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 000E00E4 .text C:\Windows\system32\taskhost.exe[1620] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 000E0030 .text C:\Windows\system32\taskhost.exe[1620] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 000E00A8 .text C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe[1752] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0015006C .text C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe[1752] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00150030 .text C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe[1752] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 002E0120 .text C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe[1752] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 002E006C .text C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe[1752] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 002E00E4 .text C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe[1752] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 002E0030 .text C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe[1752] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 002E00A8 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1912] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0017006C .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1912] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00170030 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1912] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00190120 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1912] USER32.dll!UnhookWinEvent 
771FB750 5 Bytes JMP 0019006C .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1912] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 001900E4 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1912] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00190030 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1912] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 001900A8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1920] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0017006C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1920] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00170030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1920] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00210120 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1920] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 0021006C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1920] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 002100E4 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1920] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00210030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1920] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 002100A8 .text C:\Program Files\CyberLink\Shared files\brs.exe[1928] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0015006C .text C:\Program Files\CyberLink\Shared files\brs.exe[1928] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00150030 .text C:\Program Files\CyberLink\Shared files\brs.exe[1928] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 001E0120 .text C:\Program Files\CyberLink\Shared files\brs.exe[1928] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 001E006C .text C:\Program Files\CyberLink\Shared files\brs.exe[1928] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 001E00E4 .text C:\Program Files\CyberLink\Shared files\brs.exe[1928] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 001E0030 .text C:\Program 
Files\CyberLink\Shared files\brs.exe[1928] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 001E00A8 .text C:\Windows\system32\svchost.exe[2280] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[2280] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[2280] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00AE0120 .text C:\Windows\system32\svchost.exe[2280] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 00AE006C .text C:\Windows\system32\svchost.exe[2280] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 00AE00E4 .text C:\Windows\system32\svchost.exe[2280] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00AE0030 .text C:\Windows\system32\svchost.exe[2280] USER32.dll!SetWindowsHookExA 77226D0C 3 Bytes JMP 00AE00A8 .text C:\Windows\system32\svchost.exe[2280] USER32.dll!SetWindowsHookExA + 4 77226D10 1 Byte [89] .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2328] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0016006C .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2328] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00160030 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2328] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00310120 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2328] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 0031006C .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2328] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 003100E4 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2328] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00310030 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2328] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 003100A8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0006006C .text C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00060030 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00100120 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 0010006C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 001000E4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00100030 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2392] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 001000A8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2432] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0016006C .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2432] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00160030 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2432] USER32.dll!UnhookWindowsHookEx 771FADF9 3 Bytes JMP 00200120 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2432] USER32.dll!UnhookWindowsHookEx + 4 771FADFD 1 Byte [89] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2432] USER32.dll!UnhookWinEvent 771FB750 3 Bytes JMP 0020006C .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2432] USER32.dll!UnhookWinEvent + 4 771FB754 1 Byte [89] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2432] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 002000E4 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2432] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00200030 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2432] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 002000A8 .text C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe[2484] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0016006C .text C:\Program 
Files\CyberLink\PowerDVD10\PDVD10Serv.exe[2484] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00160030 .text C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe[2484] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00180120 .text C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe[2484] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 0018006C .text C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe[2484] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 001800E4 .text C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe[2484] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00180030 .text C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe[2484] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 001800A8 .text C:\Windows\system32\DllHost.exe[2516] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0009006C .text C:\Windows\system32\DllHost.exe[2516] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00090030 .text C:\Windows\system32\DllHost.exe[2516] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00220120 .text C:\Windows\system32\DllHost.exe[2516] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 0022006C .text C:\Windows\system32\DllHost.exe[2516] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 002200E4 .text C:\Windows\system32\DllHost.exe[2516] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00220030 .text C:\Windows\system32\DllHost.exe[2516] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 002200A8 .text C:\Windows\Explorer.exe[2596] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0006006C .text C:\Windows\Explorer.exe[2596] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00060030 .text C:\Windows\Explorer.exe[2596] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 003A0120 .text C:\Windows\Explorer.exe[2596] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 003A006C .text C:\Windows\Explorer.exe[2596] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 003A00E4 .text C:\Windows\Explorer.exe[2596] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 003A0030 .text 
C:\Windows\Explorer.exe[2596] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 003A00A8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2776] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0006006C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2776] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00060030 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2776] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00100120 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2776] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 0010006C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2776] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 001000E4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2776] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00100030 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2776] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 001000A8 .text C:\Windows\system32\SearchIndexer.exe[2884] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0006006C .text C:\Windows\system32\SearchIndexer.exe[2884] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00060030 .text C:\Windows\system32\SearchIndexer.exe[2884] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00140120 .text C:\Windows\system32\SearchIndexer.exe[2884] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 0014006C .text C:\Windows\system32\SearchIndexer.exe[2884] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 001400E4 .text C:\Windows\system32\SearchIndexer.exe[2884] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00140030 .text C:\Windows\system32\SearchIndexer.exe[2884] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 001400A8 .text C:\Windows\system32\notepad.exe[3004] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0006006C .text C:\Windows\system32\notepad.exe[3004] ntdll.dll!LdrLoadDll 773722B8 5 
Bytes JMP 00060030 .text C:\Windows\system32\notepad.exe[3004] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00100120 .text C:\Windows\system32\notepad.exe[3004] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 0010006C .text C:\Windows\system32\notepad.exe[3004] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 001000E4 .text C:\Windows\system32\notepad.exe[3004] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00100030 .text C:\Windows\system32\notepad.exe[3004] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 001000A8 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3164] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0016006C .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3164] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00160030 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3164] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 001F0120 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3164] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 001F006C .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3164] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 001F00E4 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3164] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 001F0030 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3164] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 001F00A8 .text C:\Windows\system32\svchost.exe[3180] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[3180] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[3180] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 002B0120 .text C:\Windows\system32\svchost.exe[3180] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 002B006C .text C:\Windows\system32\svchost.exe[3180] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 002B00E4 .text C:\Windows\system32\svchost.exe[3180] USER32.dll!SetWinEventHook 772024DC 5 Bytes 
JMP 002B0030 .text C:\Windows\system32\svchost.exe[3180] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 002B00A8 .text C:\Windows\system32\Dwm.exe[3300] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 000A006C .text C:\Windows\system32\Dwm.exe[3300] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 000A0030 .text C:\Windows\system32\Dwm.exe[3300] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 000C0120 .text C:\Windows\system32\Dwm.exe[3300] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 000C006C .text C:\Windows\system32\Dwm.exe[3300] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 000C00E4 .text C:\Windows\system32\Dwm.exe[3300] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 000C0030 .text C:\Windows\system32\Dwm.exe[3300] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 000C00A8 .text C:\Windows\System32\svchost.exe[3392] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0006006C .text C:\Windows\System32\svchost.exe[3392] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00060030 .text C:\Windows\System32\svchost.exe[3392] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00140120 .text C:\Windows\System32\svchost.exe[3392] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 0014006C .text C:\Windows\System32\svchost.exe[3392] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 001400E4 .text C:\Windows\System32\svchost.exe[3392] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00140030 .text C:\Windows\System32\svchost.exe[3392] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 001400A8 .text C:\Windows\System32\svchost.exe[3524] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0006006C .text C:\Windows\System32\svchost.exe[3524] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00060030 .text C:\Windows\System32\svchost.exe[3524] user32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00270120 .text C:\Windows\System32\svchost.exe[3524] user32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 0027006C .text C:\Windows\System32\svchost.exe[3524] user32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 002700E4 
.text C:\Windows\System32\svchost.exe[3524] user32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00270030 .text C:\Windows\System32\svchost.exe[3524] user32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 002700A8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3764] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 000A006C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3764] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 000A0030 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3764] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 000D0120 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3764] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 000D006C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3764] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 000D00E4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3764] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 000D0030 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3764] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 000D00A8 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4056] ntdll.dll!LdrUnloadDll 7736C8DE 5 Bytes JMP 0016006C .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4056] ntdll.dll!LdrLoadDll 773722B8 5 Bytes JMP 00160030 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4056] USER32.dll!UnhookWindowsHookEx 771FADF9 5 Bytes JMP 00380120 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4056] USER32.dll!UnhookWinEvent 771FB750 5 Bytes JMP 0038006C .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4056] USER32.dll!SetWindowsHookExW 771FE30C 5 Bytes JMP 003800E4 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4056] USER32.dll!SetWinEventHook 772024DC 5 Bytes JMP 00380030 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4056] USER32.dll!SetWindowsHookExA 77226D0C 5 Bytes JMP 003800A8 |
Author: | stell [ Sat Mar 19, 2011 11:02 ] |
Post subject: | Re: Virus, or what could it be??? |
Quote: detected NTDLL code modification This looks like the work of the Rustock trojan. 1: Run the GMER program. Download GMER and save it to the desktop. http://www.gmer.net/download.php/ Close all other open programs before running GMER, otherwise the computer may crash. Disconnect from the internet and turn off all security programs and shields. After that, start GMER by double-clicking the .exe file. A warning message may appear: "GMER has detected rootkit activity". If you see this, choose NO. There is no need to remove anything now; we are only running the rootkit scan and detecting hidden processes, and that is our goal. In the main window, tick every file type, then click Scan. When the scan has finished, click the Save button and save the txt to the Desktop, where you can find it easily. Post it here. |
Author: | sheriff80 [ Sat Mar 19, 2011 10:33 ] |
Post subject: | Re: Virus, or what could it be??? |
Here it is:
2011-03-15 16:24 -------- d-----w- c:\programdata\NVIDIA Corporation 2011-03-15 16:24 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll 2011-03-15 16:24 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll 2011-03-15 16:24 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll 2011-03-15 16:24 . 2011-01-08 03:27 4941928 ----a-w- c:\windows\system32\nvcuda.dll 2011-03-15 16:24 . 2011-01-08 03:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll 2011-03-15 16:24 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-03-15 16:24 . 2011-01-08 03:27 1965672 ----a-w- c:\windows\system32\nvapi.dll 2011-03-15 16:24 . 2011-01-08 03:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll 2011-03-15 16:24 . 2011-01-08 03:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll 2011-03-15 16:24 . 2011-01-08 03:27 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-03-15 16:24 . 2011-01-08 03:27 10078312 ----a-w- c:\windows\system32\nvd3dum.dll 2011-03-15 16:23 . 2011-03-15 16:26 -------- d-----w- c:\program files\NVIDIA Corporation 2011-03-15 16:23 . 2011-03-15 16:23 -------- d-----w- C:\NVIDIA 2011-03-15 16:18 . 2011-02-23 14:57 101976 ----a-w- c:\windows\system32\drivers\aswFW.sys 2011-03-15 16:18 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-03-15 16:18 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-03-15 16:18 . 2011-02-23 14:56 192728 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2011-03-15 16:18 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-03-15 16:18 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-03-15 16:18 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-03-15 16:18 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-03-15 16:17 . 
2011-03-17 23:12 -------- d-sh--w- c:\windows\Installer 2011-03-15 16:17 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr 2011-03-15 16:17 . 2011-02-23 13:34 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys 2011-03-15 16:17 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe 2011-03-15 16:17 . 2011-03-15 16:17 -------- d-----w- c:\programdata\AVAST Software 2011-03-15 16:17 . 2011-03-15 16:17 -------- d-----w- c:\program files\AVAST Software 2011-03-15 16:14 . 2011-03-15 16:14 -------- d-----w- C:\totalcmd 2011-03-15 16:14 . 2010-11-29 06:56 545 ----a-w- c:\windows\UC.PIF 2011-03-15 16:14 . 2010-11-29 06:56 545 ----a-w- c:\windows\RAR.PIF 2011-03-15 16:14 . 2010-11-29 06:56 545 ----a-w- c:\windows\PKZIP.PIF 2011-03-15 16:14 . 2010-11-29 06:56 545 ----a-w- c:\windows\PKUNZIP.PIF 2011-03-15 16:14 . 2010-11-29 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF 2011-03-15 16:14 . 2010-11-29 06:56 545 ----a-w- c:\windows\LHA.PIF 2011-03-15 16:14 . 2010-11-29 06:56 545 ----a-w- c:\windows\ARJ.PIF 2011-03-15 16:03 . 2011-03-15 16:03 -------- d-----w- c:\users\Kornél 2011-03-15 16:02 . 2011-03-15 16:02 -------- d-sh--we c:\users\Default\Sablonok 2011-03-15 16:02 . 2011-03-15 16:02 -------- d-sh--we c:\users\Default\Dokumentumok 2011-03-15 16:02 . 2011-03-15 16:02 -------- d-sh--we c:\programdata\Sablonok 2011-03-15 16:02 . 2011-03-15 16:02 -------- d-sh--we c:\programdata\Dokumentumok 2011-03-15 16:02 . 2011-03-15 16:02 -------- d-sh--we c:\programdata\Asztal 2011-03-15 16:02 . 2011-03-15 16:02 -------- d-----w- C:\Recovery 2011-03-15 14:45 . 2011-03-15 16:03 -------- d-----w- c:\windows\Panther . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-15 20:32 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-03-15 17:13 . 2003-03-18 20:14 505128 ----a-w- c:\windows\system32\msvcp71.dll 2011-03-15 17:13 . 
2003-02-21 03:42 353576 ----a-w- c:\windows\system32\msvcr71.dll 2011-01-25 10:40 . 2011-01-25 10:44 85768 ----a-w- c:\windows\system32\drivers\idmwfp.sys 2011-01-08 03:27 . 2011-03-15 16:24 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2011-01-08 03:27 . 2009-07-13 22:09 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll 2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll 2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll 2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll 2011-01-07 20:06 . 2011-01-07 20:06 66664 ----a-w- c:\windows\system32\nvshext.dll 2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe 2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll 2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll 2010-12-29 00:23 . 2010-12-29 00:23 79360 ----a-w- c:\windows\system32\ff_vfw.dll 2010-12-29 00:19 . 2010-12-29 00:19 45056 ----a-w- c:\windows\system32\ff_acm.acm . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2011-01-25 10:40 67680 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate] @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}" [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}] 2010-11-20 21:29 442880 ----a-w- c:\windows\System32\ntshrui.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-06 9394792] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288] "RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336] "BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-11-17 75048] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-02-16 106496] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704] . c:\users\Korn‚l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Citro Ticker.lnk - c:\program files\Citro Ticker\Ticker.exe [2009-7-20 1189888] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2011-3-16 204800] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R2 sppsvc;Szoftvervédelem;c:\windows\system32\sppsvc.exe [2010-11-20 3179520] R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-11-20 164864] R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-11-20 10240] R3 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [2009-07-14 422976] R3 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys [2009-07-14 297552] R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-11-20 80256] R3 amdsbs;amdsbs;c:\windows\system32\drivers\amdsbs.sys [2009-07-14 159312] R3 AppID;AppID illesztőprogramja;c:\windows\system32\drivers\appid.sys [2010-11-20 50176] R3 AppIDSvc;Alkalmazásidentitás;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 Appinfo;Alkalmazásadatok;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys [2009-07-14 86608] R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\drivers\bxvbdx.sys [2009-07-13 430080] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] R3 BDESVC;BitLocker meghajtótitkosítási szolgáltatás;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\BrFiltLo.sys [2009-07-13 13568] R3 BrFiltUp;Brother USB Mass-Storage Upper Filter 
Driver;c:\windows\system32\drivers\BrFiltUp.sys [2009-07-13 5248] R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128] R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336] R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160] R3 CertPropSvc;Tanúsítvány-terjesztés;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys [2009-07-13 37888] R3 defragsvc;Lemeztöredezettség-mentesítő;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\drivers\evbdx.sys [2009-07-13 3100160] R3 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys [2009-07-14 453712] R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160] R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160] R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624] R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2009-07-14 67152] R3 iaStorV;iaStorV;c:\windows\system32\drivers\iaStorV.sys [2010-11-20 332160] R3 IKEEXT;IKE és Auth-IP kulcskezelő modulok;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 IPBusEnum;PnP-X rendszerű IP-busz számbavételezője;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 65536] R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-11-20 233344] R3 KtmRm;KtmRm – Elosztott tranzakciók koordinátora;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 lltdsvc;Kapcsolati rétegbeli topológia feltérképezője;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys [2009-07-14 95824] R3 
LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys [2009-07-14 89168] R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\drivers\lsi_sas2.sys [2009-07-14 54864] R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys [2009-07-14 96848] R3 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2009-07-14 30800] R3 mpio;mpio;c:\windows\system32\drivers\mpio.sys [2010-11-20 130432] R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-11-20 28032] R3 msdsm;msdsm;c:\windows\system32\drivers\msdsm.sys [2010-11-20 116096] R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096] R3 MSiSCSI;Microsoft iSCSI-kezdeményező szolgáltatás;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 MsRPC;MsRPC; [x] R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\drivers\MTConfig.sys [2009-07-13 12288] R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264] R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136] R3 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys [2009-07-14 44624] R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-11-20 143744] R3 pla;Teljesítménynaplók és riasztások;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 PNRPAutoReg;PNRP számítógépnév-közzétételi szolgáltatás;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 ql2300;ql2300;c:\windows\system32\drivers\ql2300.sys [2009-07-14 1383488] R3 ql40xx;ql40xx;c:\windows\system32\drivers\ql40xx.sys [2009-07-14 106064] R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\drivers\rdpbus.sys [2009-07-14 18944] R3 scfilter;Intelligens kártya PnP-osztályának szűrőillesztője;c:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 26624] R3 SCPolicySvc;Intelligens kártya eltávolítási házirend;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 SDRSVC;Windows biztonsági másolat;c:\windows\system32\svchost.exe 
[2009-07-14 20992] R3 SensrSvc;Adaptív fényerő;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 SessionEnv;Távoli asztal beállítása;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288] R3 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [2009-07-14 77888] R3 Smb;Üzenetközpontú TCP/IP és TCP/IPv6 protokoll (SMB-munkamenet);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168] R3 sppuinotify;Szoftvervédelmi platform értesítési szolgáltatása;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 stexstor;stexstor;c:\windows\system32\drivers\stexstor.sys [2009-07-14 21072] R3 TabletInputService;Táblaszámítógépes beviteli szolgáltatás;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 TBS;TPM-alapszolgáltatások;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 THREADORDER;Szálsorrend-kiszolgáló;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 TrustedInstaller;Windows-modulok telepítője;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 204800] R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 31232] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R3 UI0Detect;Interaktív szolgáltatások észlelése;c:\windows\system32\UI0Detect.exe [2009-07-14 35840] R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424] R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016] R3 VaultSvc;Hitelesítőadat-kezelő;c:\windows\system32\lsass.exe [2009-07-14 22528] R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-11-20 160128] R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\drivers\viac7.sys [2009-07-13 52736] R3 vsmraid;vsmraid;c:\windows\system32\drivers\vsmraid.sys 
[2009-07-14 141904] R3 vwifibus;Virtuális WiFi-busz illesztőprogramja;c:\windows\System32\drivers\vwifibus.sys [2009-07-13 19968] R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2009-07-13 21632] R3 wbengine;Blokkszintű biztonsági mentés motorja szolgáltatás;c:\windows\system32\wbengine.exe [2010-11-20 1203200] R3 WbioSrvc;Windows biometrikus szolgáltatás;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 WcsPlugInService;Windows színrendszer;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 Wd;Wd;c:\windows\system32\drivers\wd.sys [2009-07-14 19024] R3 WdiSystemHost;Diagnosztikagazda;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 Wecsvc;Windows Eseménygyűjtő;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 wercplsupport;Problémajelentések és megoldások vezérlőpult-támogatása;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WerSvc;Windows hibajelentési szolgáltatás;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008] R3 WinRM;Rendszerfelügyeleti webszolgáltatások;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 Wlansvc;WLAN hálózat automatikus beállítása;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 WPDBusEnum;Hordozható eszközök számbavételi szolgáltatása;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 WwanSvc;WWAN automatikus konfigurálás;c:\windows\system32\svchost.exe [2009-07-14 20992] R4 Mcx2Svc;Windows Media Center Extender szolgáltatás;c:\windows\system32\svchost.exe [2009-07-14 20992] S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-20 22400] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-02-23 12112] S0 aswNdis2;avast! 
Firewall Core Firewall Service; [x] S0 CLFS;Közös napló (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408] S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568] S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448] S0 fvevol;Bitlocker meghajtótitkosítás szűrőjének illesztőprogramja;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 194800] S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14208] S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200] S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888] S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088] S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440] S0 spldr;Security Processor Loader Driver; [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-03-15 691696] S0 vdrvroot;Microsoft virtuálismeghajtó-számbavevő illesztőprogram;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832] S0 volmgr;Hangerőszabályzó illesztőprogramja;c:\windows\system32\drivers\volmgr.sys [2010-11-20 53120] S0 volmgrx;Dinamikus kötetkezelő;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040] S1 aswFW;avast! 
TDI Firewall driver; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328] S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-20 78336] S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256] S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896] S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656] S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168] S1 tdx;NetIO örökölt TDI-támogatás illesztőprogramja;c:\windows\system32\DRIVERS\tdx.sys [2010-11-20 74752] S1 Wanarpv6;Távelérésű IPv6 ARP-illesztőprogram;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 63488] S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728] S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/15 18:16];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 20:29 87536] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592] S2 AudioEndpointBuilder;Windows-hangvégpontépítő;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 avast! Firewall;avast! 
Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-02-23 121000] S2 BFE;Alap szűrőprogram;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 DPS;Diagnosztikavezérlő szolgáltatás;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 FDResPub;Funkciófelderítő erőforrás közzététele;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 FontCache;Windows betűtípus-gyorsítótár szolgáltatás;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 gpsvc;Csoportházirend ügyfél;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-01-25 85768] S2 iphlpsvc;IP-segítő;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128] S2 luafv;Felhasználói fiókok felügyelete - fájlvirtualizálás;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528] S2 MMCSS;Multimédia osztályütemező;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 MpsSvc;Windows tűzfal;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 NlaSvc;Hálózati helyfigyelés;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 nsi;Hálózatitároló-adapter szolgáltatás;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752] S2 Power;Energiagazdálkodás;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 ProfSvc;Felhasználói profil szolgáltatás;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 RpcEptMapper;RPC végpontleképező;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984] S2 SysMain;Előtöltés;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-20 35328] S2 UxSms;Asztalablak-kezelői munkamenet-kezelő;c:\windows\System32\svchost.exe [2009-07-14 
20992] S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706.sys [2009-06-10 1169920] S3 bowser;Tallózótámogatási illesztőprogram;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632] S3 CompositeBus;Összetett busz-számbavételező illesztőprogramja;c:\windows\system32\DRIVERS\CompositeBus.sys [2010-11-20 31232] S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 728448] S3 fdPHost;Funkciófelderítő szolgáltató;c:\windows\system32\svchost.exe [2009-07-14 20992] S3 HomeGroupListener;Otthoni csoport figyelője;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 HomeGroupProvider;Otthoni csoport szolgáltatója;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 KeyIso;CNG-kulcs elkülönítése;c:\windows\system32\lsass.exe [2009-07-14 22528] S3 monitor;Monitor osztályú funkciók Microsoft-illesztőszolgáltatása;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552] S3 mpsdrv;Windows tűzfal engedélyezési illesztőprogram;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416] S3 mrxsmb10;SMB 1.x mini-átirányító;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 223232] S3 mrxsmb20;SMB 2.0 mini-átirányító;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 96768] S3 netprofm;Hálózatlista szolgáltatás;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 PcaSvc;Programkompatibilitási segédszolgáltatás;c:\windows\system32\svchost.exe [2009-07-14 20992] S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] S3 srv2;Kiszolgálói SMB 2.xxx illesztőprogram;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 309248] S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 114176] S3 tunnel;Microsoft alagút-miniportadapter illesztőprogramja;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 
108544] S3 umbus;UMBus enumerálási illesztőprogram;c:\windows\system32\DRIVERS\umbus.sys [2010-11-20 39936] S3 wcncsvc;Windows azonnali csatlakozás - konfiguráció-nyilvántartó;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 WdiServiceHost;Diagnosztikai gazdaszolgáltatás;c:\windows\System32\svchost.exe [2009-07-14 20992] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] RPCSS REG_MULTI_SZ RpcEptMapper RpcSs defragsvc REG_MULTI_SZ defragsvc WerSvcGroup REG_MULTI_SZ wersvc LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc swprv REG_MULTI_SZ swprv LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm regsvc REG_MULTI_SZ RemoteRegistry LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent sdrsvc REG_MULTI_SZ sdrsvc WbioSvcGroup REG_MULTI_SZ WbioSrvc wcssvc REG_MULTI_SZ WcsPlugInService AxInstSVGroup REG_MULTI_SZ AxInstSV secsvcs REG_MULTI_SZ WinDefend . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS wercplsupport EapHost ProfSvc schedule hkmsvc SessionEnv winmgmt browser Themes BDESVC . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted homegrouplistener . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService WdiServiceHost sppuinotify . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService lanmanworkstation . 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted BthHFSrv homegroupprovider . . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.startlap.hu/ IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: FLV videó tartalmának letöltése IDM-rel - c:\program files\Internet Download Manager\IEGetVL.htm IE: Letöltés IDM-rel - c:\program files\Internet Download Manager\IEExt.htm IE: Összes link letöltése IDM-rel - c:\program files\Internet Download Manager\IEGetAll.htm . - - - - ORPHANS REMOVED - - - - . SafeBoot-WudfPf SafeBoot-WudfRd SafeBoot-sacsvr SafeBoot-vmms . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-19 10:22 Windows 6.1.7601 Service Pack 1 NTFS . detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-181883935-1493694465-2419270532-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-181883935-1493694465-2419270532-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-03-19 10:32:05 ComboFix-quarantined-files.txt 2011-03-19 09:32 . Pre-Run: 217 426 231 296 bájt szabad Post-Run: 217 319 534 592 bájt szabad . - - End Of File - - D3C60A658E543E279004D903523B0FA4 |
Author: | stell [ Sat Mar 19, 2011 9:50 ] |
Post subject: | Re: A virus, or what could it be??? |
There is an empty profile here, HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1229272821-2111687655-1801674531-500, and one user, C:\Users\Kornél. But what you wrote about isn't there. OK, run ComboFix http://www.virus-stell.com/2010/04/combofix.html and post its log here. |
Author: | sheriff80 [ Sat Mar 19, 2011 9:12 ] |
Post subject: | Re: A virus, or what could it be??? |
Yes. Sorry, I didn't fully understand. Here is what it created: SteelWerX Registry Console Tool 3.0 Written by Bobbi Flekman 2006 (C) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users Default REG_EXPAND_SZ %SystemDrive%\Users\Default Public REG_EXPAND_SZ %SystemDrive%\Users\Public ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-18 Flags REG_DWORD 12 (0xc) State REG_DWORD 0 (0x0) RefCount REG_DWORD 1 (0x1) Sid REG_BINARY 010100000000000512000000 ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-19 ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\LocalService Flags REG_DWORD 0 (0x0) State REG_DWORD 0 (0x0) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-20 ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\NetworkService Flags REG_DWORD 0 (0x0) State REG_DWORD 0 (0x0) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-1229272821-2111687655-1801674531-500 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-181883935-1493694465-2419270532-1001 ProfileImagePath REG_EXPAND_SZ C:\Users\Kornél Flags REG_DWORD 0 (0x0) State REG_DWORD 256 (0x100) Sid REG_BINARY 0105000000000005150000001f54d70a01f8075984233390e9030000 ProfileLoadTimeLow REG_DWORD 0 (0x0) ProfileLoadTimeHigh REG_DWORD 0 (0x0) RefCount REG_DWORD 1 (0x1) RunLogonScriptSync REG_DWORD 0 (0x0) |
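The ProfileList dump in the post above, and the reply that reads it as one empty profile key plus one real user, can be checked mechanically. This is an added example, not part of the thread: it parses the dump in the flattened form the forum shows, decodes each binary Sid value, and flags profile keys that carry no ProfileImagePath; the function names are assumptions of this example.

```python
import re

# The SteelWerX output from the post above, joined back into one string.
PL = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist"
DUMP = " ".join([
    PL + r" ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users",
    r"Default REG_EXPAND_SZ %SystemDrive%\Users\Default",
    r"Public REG_EXPAND_SZ %SystemDrive%\Users\Public",
    r"ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData",
    PL + r"\S-1-5-18 Flags REG_DWORD 12 (0xc) State REG_DWORD 0 (0x0)",
    r"RefCount REG_DWORD 1 (0x1) Sid REG_BINARY 010100000000000512000000",
    r"ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile",
    PL + r"\S-1-5-19 ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\LocalService",
    r"Flags REG_DWORD 0 (0x0) State REG_DWORD 0 (0x0)",
    PL + r"\S-1-5-20 ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\NetworkService",
    r"Flags REG_DWORD 0 (0x0) State REG_DWORD 0 (0x0)",
    PL + r"\S-1-5-21-1229272821-2111687655-1801674531-500",
    PL + r"\S-1-5-21-181883935-1493694465-2419270532-1001",
    r"ProfileImagePath REG_EXPAND_SZ C:\Users\Kornél Flags REG_DWORD 0 (0x0)",
    r"State REG_DWORD 256 (0x100)",
    r"Sid REG_BINARY 0105000000000005150000001f54d70a01f8075984233390e9030000",
    r"ProfileLoadTimeLow REG_DWORD 0 (0x0) ProfileLoadTimeHigh REG_DWORD 0 (0x0)",
    r"RefCount REG_DWORD 1 (0x1) RunLogonScriptSync REG_DWORD 0 (0x0)",
])

# A value starts at "<name> REG_<TYPE>"; its data runs to the next such marker.
VALUE = re.compile(r"(\S+) (REG_[A-Z_]+)(?: |$)")


def parse_dump(dump):
    """Return {key path: {value name: (type, data)}} from the flattened text."""
    keys = {}
    for seg in re.split(r"\s+(?=HKEY_LOCAL_MACHINE\\)", dump.strip()):
        marks = list(VALUE.finditer(seg))
        # Key paths contain spaces ("windows nt"), so the key is everything
        # before the first value marker, or the whole segment if it has none.
        key = seg[:marks[0].start()].strip() if marks else seg.strip()
        values = {}
        for i, m in enumerate(marks):
            end = marks[i + 1].start() if i + 1 < len(marks) else len(seg)
            values[m.group(1)] = (m.group(2), seg[m.end():end].strip())
        keys[key] = values
    return keys


def sid_from_hex(hexstr):
    """Decode a binary SID (as stored in the REG_BINARY Sid value) to S-1-... form."""
    raw = bytes.fromhex(hexstr)
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = [int.from_bytes(raw[8 + 4 * i:12 + 4 * i], "little") for i in range(count)]
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def triage(dump):
    """List (sid, reason) for profile keys that deserve a second look."""
    findings = []
    for key, values in parse_dump(dump).items():
        sid = key.rsplit("\\", 1)[-1]
        if not sid.upper().startswith("S-1-"):
            continue                                   # the ProfileList root key
        if "ProfileImagePath" not in values:
            findings.append((sid, "key has no ProfileImagePath (empty profile key)"))
        if "Sid" in values and sid_from_hex(values["Sid"][1]) != sid:
            findings.append((sid, "binary Sid value does not match the key name"))
    return findings


if __name__ == "__main__":
    for sid, reason in triage(DUMP):
        print(sid, "->", reason)
```
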
Author: | nbela [ Sat Mar 19, 2011 8:58 ] |
Post subject: | Re: A virus, or what could it be??? |
And did you press that key? By the time the message appears, the Profile.txt file should already be in the root of C:. Pressing the key just closes the window. |
Author: | sheriff80 [ Sat Mar 19, 2011 8:32 ] |
Post subject: | Re: A virus, or what could it be??? |
The thing is, I run the fix.bat file, a window comes up telling me to press a key, and after that nothing happens. Not even half an hour later. Any thoughts? |
Author: | stell [ Fri Mar 18, 2011 14:59 ] |
Post subject: | Re: A virus, or what could it be??? |
OK, there's time. |
Author: | sheriff80 [ Fri Mar 18, 2011 13:27 ] |
Post subject: | Re: A virus, or what could it be??? |
OK. Thanks for the quick response. I can only do it tomorrow, because I'm working until morning. |
Author: | stell [ Fri Mar 18, 2011 11:23 ] |
Post subject: | Re: A virus, or what could it be??? |
Hi. Download SWRegfolder.7z to the desktop: http://leteckaposta.cz/259047115 Extract it to the desktop > open the folder > and run the .bat file; it puts a Profile.txt log on the C:\ drive; copy its contents here. |
Author: | sheriff80 [ Fri Mar 18, 2011 10:26 ] |
Post subject: | Re: A virus, or what could it be??? |
Hi all! I'd like to ask for help with the following problem. I use Win7. Protection: Avast Internet Security, Win Defender, and the firewall of a TP-Link router. A while ago I noticed that there is another user on my machine as well. I noticed this when logging out. Its name: "Más felhasználó" (Other user). I couldn't remove it in any way, so I reinstalled the machine. It disappeared. A day or two later it came back again. I've gone through this three times now, and it always comes back after a while. The user is password-protected. My machine isn't working properly, as if someone else were poking around in it too, and the system is noticeably slower. Reinstalling doesn't help, unfortunately. How could I get rid of this other user, and what is it in the first place? A virus, or has someone broken into my system? It is probably not created by a program, since the user's name is Hungarian, and I didn't install any new program before it appeared either. I was thinking of Spybot SD perhaps, or some similar solution. What do you think would help, and what could this be? Thanks. |
Author: | nacorvus [ Tue Mar 01, 2011 23:31 ] |
Post subject: | Re: A virus, or what could it be??? |
Off: the basic definition of a virus: either the operating system is faulty (penetrable), or the user is (stupid), or the third option, but that's not a virus! On! |
Author: | Laci_L [ Tue Mar 01, 2011 18:08 ] |
Post subject: | Re: A virus, or what could it be??? |
durward wrote: Solved. The source of the problem was 4 stuck keys in the top left corner... Something fell onto them. But not noticing something like that, and spending this much effort on it, weeell.... |
Author: | durward [ Tue Mar 01, 2011 17:13 ] |
Post subject: | Re: A virus, or what could it be??? |
Solved. The source of the problem was 4 stuck keys in the top left corner: Esc, F1, F2, and 0. The BIOS beeping on restart was due to the first two. The endless appearance of help windows was due to F1, since it was as if I had been holding it down continuously. Thank you all for the help and for taking the time for my problem. |
Author: | nacorvus [ Mon Feb 28, 2011 22:43 ] |
Post subject: | Re: A virus, or what could it be??? |
I don't want to open a new topic, since this topic isn't really "mine", but this is noteworthy: http://infoworld.com/d/security/20-years-innovative-windows-malware-021 |
Author: | stell [ Mon Feb 28, 2011 12:19 ] |
Post subject: | Re: A virus, or what could it be??? |
Download it from http://www.hirensbootcd.net/; after downloading, extract it and find the ISO file, THE LARGEST ONE. Burn the image, Hiren's.BootCD..iso, with Nero or some other burning program. Put it in your machine, set the boot priority to CD/DVD in the BIOS, and restart. Select Start > Mini XP; when Windows comes up (this is the Hiren Windows), run the Network icon from the desktop, then (boot WinTools) -> Browsers -> Opera -> download ComboFix to the desktop and run it. When ComboFix has run, it makes a log; post it here. If your machine restarts, boot into Mini XP again and post the c:\ combofix.txt log here. If there is something you don't understand, write. http://download.bleepingcomputer.com/sUBs/ComboFix.exe |
Author: | durward [ Mon Feb 28, 2011 10:22 ] |
Post subject: | Re: A virus, or what could it be??? |
Stell! Hi! Unfortunately the result is unchanged. I reinstalled. I formatted with XP; after reinstalling, the system comes up, then a few minutes later it throws up the Help and Support window and the machine keeps loading, but nothing happens. It ties up the CPU so much that I can't even close the single (help) window. |
Author: | Laci_L [ Thu Feb 24, 2011 19:37 ] |
Post subject: | Re: A virus, or what could it be??? |
durward wrote: ... now I'll wipe it with some program from DOS ... As I wrote, listen to stell. Don't rush. When copying back, use a proper antivirus scanner (in real time). Whatever it finds infected, skip. Once the copying back is done, format that storage medium too with the Windows installation disc. |
Author: | stell [ Thu Feb 24, 2011 18:55 ] |
Post subject: | Re: A virus, or what could it be??? |
Why wipe it from DOS?? If the system is XP, the installation disc does everything. New installation: it leads you to the existing partition >> format >> remove the partition >> you can also split it if you want >> new partition, NTFS >> Format > Install. But then format every DATA medium, and scan the saved data the way I described. |
Author: | durward [ Thu Feb 24, 2011 18:34 ] |
Post subject: | Re: A virus, or what could it be??? |
Thanks for the good advice. Fortunately I had already saved the data to an external HDD before this whole mess started, but I'll scan that too. Now I'll wipe it with some program from DOS, then I'll report back on the result. |
Author: | Laci_L [ Thu Feb 24, 2011 18:25 ] |
Post subject: | Re: A virus, or what could it be??? |
stell wrote: ... if it is a VIRUT infection, then, as I already wrote, the infection comes back if you're not careful,... Dear durward, I don't envy you. I've already suffered through the same thing. If you have no data backup, a lot of your data will be lost, because it got infected. If there are other partition(s), then whatever is there too. Listen to stell, and follow exactly what he writes. |
Author: | stell [ Thu Feb 24, 2011 18:07 ] |
Post subject: | Re: A virus, or what could it be??? |
Yes, this system is wrecked and infected. It's a pity I can't see what kind of infection is on it, because you can do a repair install, but this way I can't see much of it any more. The point here is that if it is a VIRUT infection, then, as I already wrote, the infection comes back if you're not careful. My advice: 1: If there is important data, do a repair install. 2: Format a pen drive, pack the important data with WinRAR or 7-Zip, and put it on the pen drive. 3: Scan the saved data: 1: AVPTOOL http://www.virus-stell.com/2010/04/avptool.html WEBCUREIT http://www.virus-stell.com/2010/04/drwe ... virus.html Cure what can be cured; delete what they can't. 4: Do a fresh install, but use the installation disc to remove the partitions and format, create new partitions, and only then install. And then you'll see. |
Author: | durward [ Thu Feb 24, 2011 17:54 ] |
Post subject: | Re: A virus, or what could it be??? |
Unfortunately it looks like Windows has died; it reports a missing ntldr. |
Author: | stell [ Thu Feb 24, 2011 17:25 ] |
Post subject: | Re: A virus, or what could it be??? |
Download OTListIt2 >> OTL to the desktop and run it. - Tick: - Scan all users. - Lop check. - Purity check. - In the Extra Registry section, select Use SafeList. - Into the Custom Scans/Fixes box, paste the green text and click Run SCAN. - At the end of the scan, post the logs: - OTL.txt (it will be on the desktop). - Extras.txt [it will be on the taskbar.] Code: msconfig safebootminimal activex drivers32 netsvcs %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys mv61xx.sys nvraid.sys /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\drivers\*.sys /90 |
Author: | durward [ Thu Feb 24, 2011 17:16 ] |
Post subject: | Re: A virus, or what could it be??? |
It won't start the RSIT program. I start it, it loads and loads, then nothing, as if the CPU were 100% busy with just this. |
Author: | stell [ Thu Feb 24, 2011 14:09 ] |
Post subject: | Re: A virus, or what could it be??? |
All right, for now post the RSIT log here and I'll look at it and be wiser. What is the Hiren's Boot CD for?? If you need a format and a new installation, the installation disc does everything. BIOS: there is none, BIOS infection doesn't exist yet; yes, people write about BIOS infection, but I haven't come across it yet; in my opinion it exists only in theory. |
Author: | durward [ Thu Feb 24, 2011 14:03 ] |
Post subject: | Re: A virus, or what could it be??? |
I've got RSIT. I haven't reinstalled yet, because I found the latest version of Hiren's Boot; I'll clean it down to 0 with that. Then I'll try installing again. Can it infect the BIOS too? I'd really like to get rid of this beeping. |
Author: | stell [ Thu Feb 24, 2011 13:48 ] |
Post subject: | Re: A virus, or what could it be??? |
Now I don't know how you are reinstalling, so just a format?? Or did you remove the partitions too?? RSIT: if you click on the link, it is written there what you need to do. |
Author: | durward [ Thu Feb 24, 2011 13:34 ] |
Post subject: | Re: A virus, or what could it be??? |
Thanks for the quick answer. At first I suspected the DVD because of the beeping. Then the HDD. Then I'll format, install, and check the external drives. Sorry, unfortunately I don't know what the RSIT log is. Meanwhile I've started reinstalling, and as it reads in the data it beeps at a regular rhythm. Is this part of the virus too? |
Author: | stell [ Thu Feb 24, 2011 13:13 ] |
Post subject: | Re: A virus, or what could it be??? |
Hi. This is rather interesting, because if you reinstall the system, with a new HDD, then this shouldn't be there, it mustn't be there. But according to the symptoms this is an infection. Based on what you described, in my opinion you may have had a VIRUT, sality, or jeffo infection. So if it was this infection, then if after reinstalling you used flash drives, pen drives, MP3 players and so on, storage media, and put your data back, then you reinstall this infection every time, and this infection is worse than leprosy. It's a pity you only turned to me now; you would have saved yourself some expenses. But I'm not surprised, since on forums I very often see these wise pieces of advice: run this, run that. Such advice never helps; today's infections are no longer child's play, this is business now. For today's infections, Rootkit TDL4, it is child's play to outwit the antivirus and the firewall, so that they don't even recognize the infection. By the way, I wrote about it here on my Slovak blog: http://virusstell.blogspot.com/2011/02/rootkit-tdl.html There is a translator on the right side. But post the RSIT log here so I can look at it: http://www.virus-stell.com/2010/04/rsit.html |
Author: | durward [ Thu Feb 24, 2011 11:27 ] |
Post subject: | Re: A virus, or what could it be??? |
stell! Hi! The machine in question is an Acer TravelMate 2501 LC. 1. Shortly after the system comes up, lots of Help and Support windows appear; as soon as I close them it starts again, but then it opens 10 or even more. It keeps loading. 2. On restart it sometimes beeps. Only on the first power-on after a restart, nothing. It keeps loading, yet nothing happens. I swapped the HDD for another one and reinstalled, but the situation stayed the same. I swapped the DVD drive, no change. It sometimes reports a HelpCtr.exe error, with code (0xc0000142). What should I do? Thanks in advance for the answers. |
Author: | Laci_L [ Fri Jan 21, 2011 18:00 ] |
Post subject: | Re: A virus, or what could it be??? |
n-s wrote: ... Tell me, are you normal? Or a stupid kid who registers and, right off the bat, writes this nonsense. You'd better clear off from here, far away, to a forum where you can indulge yourself among people like you. You'll get banned soon anyway if you carry on like this. PS: stell beat me to it. He put it very gently. |
Author: | stell [ Fri Jan 21, 2011 13:09 ] |
Post subject: | Re: A virus, or what could it be??? |
n-s wrote: stell and amcsi...! Are you sure this site is meant for this, like this??? You're cramming the site full of crap; next time rather by mail, between yourselves, please! thx Yes, this is a very professional comment, only unfortunately I don't know where the problem is now. 1: You slept badly and are still dreaming. 2: You got lost and accidentally registered here on the terminal.hu forum. 3: Or you have already woken up and thought it a good idea to write something. But please don't write here, write in the kids' corner instead; unfortunately there is no such thing on the Terminal.hu forum. Regards |
Author: | n-s [ Fri Jan 21, 2011 12:42 ] |
Post subject: | Re: A virus, or what could it be??? |
stell and amcsi...! Are you sure this site is meant for this, like this??? You're cramming the site full of crap; next time rather by mail, between yourselves, please! thx |
Page: 8 / 35 | Time zone: UTC + 1 hour |