Terminál Fórum - Téma megtekintése

Megválaszolatlan hozzászólások | Aktív témák

Pontos idő: szer. jún. 05, 2024 22:30

sdfixlog

Moderátorok: Wiki, Moderátorok

Oldal: 1 / 1

[ 9 hozzászólás ]

Nyomtatóbarát verzió

Előző téma | Következő téma

sdfixlog

Szerző	Üzenet
intelfan05 vas-tag Csatlakozott: szomb. jan. 24, 2009 12:46 Hozzászólások: 7	Az Office 2003 maradékainak az eltüntetésére nincs valami jó trükköd ? Az Office remover nem jött be.
vas. feb. 01, 2009 16:15

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	nemtudom mijen eros a geped mehet a PCTOOLS-tuzfal,ZoneAlarm ha eroseb akor COMODO
vas. feb. 01, 2009 15:43

intelfan05 vas-tag Csatlakozott: szomb. jan. 24, 2009 12:46 Hozzászólások: 7	http://www.virustotal.com/hu/analisis/7 ... 7b44a28a9f Melyik tűzfalat ? (ZoneAlarmot ne)
vas. feb. 01, 2009 15:05

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	ok,torold ki az SDFIX mapat, szed le a combofixet a geprol eztet teszteld le C:\WINDOWS\makefolder.exe VIRUSTOTALu erddmenyrol a linket ide pucold att CCleaneral Tegy fel tuzfalat.
vas. feb. 01, 2009 14:11

intelfan05 vas-tag Csatlakozott: szomb. jan. 24, 2009 12:46 Hozzászólások: 7	Gond nélkül lefutottak. A kért log fájlok: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:31:55, on 2009.02.01. Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\makefolder.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\hijack\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=https=ftp=gopher=socks= R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O4 - HKLM\..\Run: [MakeFolder] "C:\WINDOWS\makefolder.exe" /s O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- End of file - 3261 bytes ComboFix 09-01-31.01 - Rendszergazda 2009-02-01 13:26:57.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1038.18.511.227 [GMT 1:00] Running from: c:\documents and settings\Rendszergazda\Asztal\Combo-Fix.exe Command switches used :: c:\documents and settings\Rendszergazda\Asztal\CFScript.txt.txt AV: AVG 7.5.463 On-access scanning enabled (Outdated) AV: Avira AntiVir PersonalEdition On-access scanning disabled (Updated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MPR_FREADER -------\Service_Automatikus LiveUpdate ütemező -------\Service_mpr_freader ((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 ))))))))))))))))))))))))))))))) . 2009-02-01 11:11 . 2009-02-01 11:11 <DIR> d-------- C:\ComboFix 2009-02-01 10:20 . 2009-02-01 10:20 577,024 --a------ c:\windows\system32\DllCache\user32.dll 2009-02-01 10:19 . 2009-02-01 10:19 <DIR> d-------- c:\windows\ERUNT 2009-02-01 10:07 . 2009-02-01 10:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-01-31 22:51 . 2009-01-31 22:51 <DIR> d-------- c:\program files\VS Revo Group 2009-01-31 22:47 . 2009-01-31 22:50 <DIR> d-------- c:\program files\Unlocker 2009-01-31 22:15 . 2009-01-31 22:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg7 2009-01-31 21:41 . 2009-01-31 21:41 <DIR> d-------- c:\program files\Avira 2009-01-31 21:41 . 2009-01-31 21:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-01-31 21:11 . 2009-01-31 21:13 4,212 ---h----- c:\windows\system32\zllictbl.dat 2009-01-31 21:10 . 2009-01-31 21:57 <DIR> d-------- c:\windows\Internet Logs 2009-01-31 13:05 . 2009-01-31 13:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-31 08:43 . 2009-01-31 09:30 <DIR> d-------- c:\windows\system32\CatRoot_bak 2009-01-31 08:42 . 2008-06-14 19:00 272,512 --------- c:\windows\system32\DllCache\bthport.sys 2009-01-31 08:36 . 2008-05-08 13:28 202,752 --------- c:\windows\system32\DllCache\rmcast.sys 2009-01-31 08:35 . 2008-04-11 19:52 683,520 --------- c:\windows\system32\DllCache\inetcomm.dll 2009-01-31 08:35 . 2008-10-24 12:10 453,632 --------- c:\windows\system32\DllCache\mrxsmb.sys 2009-01-31 08:35 . 2008-12-11 12:57 333,184 --------- c:\windows\system32\DllCache\srv.sys 2009-01-31 08:35 . 2008-05-01 15:33 331,776 --------- c:\windows\system32\DllCache\msadce.dll 2009-01-31 08:34 . 2008-09-04 17:46 1,106,944 --------- c:\windows\system32\DllCache\msxml3.dll 2009-01-31 08:34 . 2008-10-15 18:01 332,800 --------- c:\windows\system32\DllCache\netapi32.dll 2009-01-31 08:34 . 2008-10-03 11:17 247,326 --------- c:\windows\system32\DllCache\strmdll.dll 2009-01-31 08:01 . 2009-01-31 08:01 <DIR> d-------- c:\program files\CCleaner 2009-01-31 07:51 . 2009-01-31 23:14 <DIR> d-------- C:\hijack . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-31 22:09 --------- d-----w c:\documents and settings\Rendszergazda\Application Data\uTorrent 2009-01-31 22:09 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP 2009-01-31 22:09 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2008-12-29 09:44 --------- d-----w c:\program files\Abev 2006 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-04 15:41 951,552 ----a-w c:\windows\system32\oodtrrs.dll 2008-11-04 15:32 546,048 ----a-w c:\windows\system32\oodssrs.dll 2008-11-04 15:30 9,984 ----a-w c:\windows\system32\oodbsrs.dll 2008-11-04 15:29 8,448 ----a-w c:\windows\system32\oodagrs.dll 2008-11-04 15:28 12,544 ----a-w c:\windows\system32\oodagmg.dll . ------- Sigcheck ------- 2004-08-17 16:47 82944 af3cc3cb92fb06a47ce979fb9d2ca127 c:\windows\ServicePackFiles\i386\ws2_32.dll 2008-04-14 17:02 82432 ea551e1ab5ba99da3397517bdd278e94 c:\windows\SoftwareDistribution\Download\2bf244c34e0a21b28aea9a31cdb601b8\ws2_32.dll 2008-05-05 19:25 86528 bc2337e531b145bb01a0799ef68a7260 c:\windows\system32\ws2_32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-11-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MakeFolder"="c:\windows\makefolder.exe" [2006-11-14 69632] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "AtiPTA"="atiptaxx.exe" [2006-11-14 c:\windows\system32\atiptaxx.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-11-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) "ForceCopyAclwithFile"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) "ForceCopyAclwithFile"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax "msacm.divxa32"= DivXa32.acm "vidc.SEDG"= mcs_vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitComet\\Downloads\\utorrent.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"= R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-01-05 140800] R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-01-05 5248] S3 SIWIO;SIWIO;\??\c:\windows\TEMP\SiwIo.sys --> c:\windows\TEMP\SiwIo.sys [?] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211af712-ad4e-11db-9953-0016171134bd}] \Shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f501c6ea-a6d3-11db-992f-0016171134bd}] \Shell\AutoRun\command - F:\autorun.exe . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = http=https=ftp=gopher=socks= IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\q23eukeb.default\ . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-01 13:29:10 Windows 5.1.2600 Szervizcsomag 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADCEBDE1-208B-234C-85A4-1DD6F8B45DCC}] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "japobbkiodiellelkmng"=hex:62,61,6c,6d,00,00 "japobbkiodiellelkmjg"=hex:62,61,70,6d,00,00 "iaplgbjogfemikbjoe"=hex:6b,61,6f,6d,69,6a,67,68,70,6f,6a,6b,6c,6e,68,62,62,6d, 70,6d,6e,6f,00,00 "hafmplnbjcphkaff"=hex:6b,61,6f,6d,69,6a,67,68,70,6f,6a,6b,6c,6e,68,62,62,6d, 62,6e,68,62,00,00 [HKEY_USERS\Administrator\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(556) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\windows\system32\ati2evxx.exe . ************************************************************************** . Completion time: 2009-02-01 13:30:03 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-01 12:30:01 ComboFix2.txt 2009-02-01 10:17:57 Pre-Run: 8 719 831 040 bájt szabad Post-Run: 8,709,931,008 bájt szabad 157 --- E O F --- 2009-01-31 08:36:10
vas. feb. 01, 2009 13:34

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Kinyitod a Notepadot>Start>futatas>beirod notepad Es bemasolod a piros textet Kód: KILLALL:: Driver:: mpr_freader Automatikus LiveUpdate ütemező Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint.... A txt-hejetfajlnev beteszed eztett>CFScript.txt<alatta bealitod >minden fajl< legfelull>asztall i<klik gomb letenni.Es mostan megcsinalod eztett: A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide Es az uj HijackThis logjat ted ide OK
vas. feb. 01, 2009 11:35

intelfan05 vas-tag Csatlakozott: szomb. jan. 24, 2009 12:46 Hozzászólások: 7	ComboFix 09-01-31.01 - Rendszergazda 2009-02-01 11:14:43.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1038.18.511.226 [GMT 1:00] Running from: c:\documents and settings\Rendszergazda\Asztal\Combo-Fix.exe AV: AVG 7.5.463 On-access scanning enabled (Outdated) AV: Avira AntiVir PersonalEdition On-access scanning disabled (Updated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\ayboqqhj.ini c:\windows\system32\bdehknpo.ini c:\windows\system32\bdehknpo.ini2 c:\windows\system32\dudnvcah.ini c:\windows\system32\epbuldpb.ini c:\windows\system32\eqixpxki.ini c:\windows\system32\gsgollri.ini c:\windows\system32\hRAIkUvw.ini c:\windows\system32\hRAIkUvw.ini2 c:\windows\system32\imliprfl.ini c:\windows\system32\kssvirku.ini c:\windows\system32\ltnnjuuv.ini c:\windows\system32\pcdsexhi.ini c:\windows\system32\vaxxshpt.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MSSECURITY1.209.4 -------\Legacy_NETLOGON_HOTKEY_POLLER -------\Legacy_ntmssvcnetlogon -------\Service_Netlogon HotKey Poller -------\Service_ntmssvcnetlogon ((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 ))))))))))))))))))))))))))))))) . 2009-02-01 11:11 . 2009-02-01 11:11 <DIR> d-------- C:\ComboFix 2009-02-01 10:20 . 2009-02-01 10:20 577,024 --a------ c:\windows\system32\DllCache\user32.dll 2009-02-01 10:19 . 2009-02-01 10:19 <DIR> d-------- c:\windows\ERUNT 2009-02-01 10:07 . 2009-02-01 10:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-01-31 22:51 . 2009-01-31 22:51 <DIR> d-------- c:\program files\VS Revo Group 2009-01-31 22:47 . 2009-01-31 22:50 <DIR> d-------- c:\program files\Unlocker 2009-01-31 22:15 . 2009-01-31 22:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg7 2009-01-31 21:41 . 2009-01-31 21:41 <DIR> d-------- c:\program files\Avira 2009-01-31 21:41 . 2009-01-31 21:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-01-31 21:11 . 2009-01-31 21:13 4,212 ---h----- c:\windows\system32\zllictbl.dat 2009-01-31 21:10 . 2009-01-31 21:57 <DIR> d-------- c:\windows\Internet Logs 2009-01-31 13:05 . 2009-01-31 13:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-31 08:43 . 2009-01-31 09:30 <DIR> d-------- c:\windows\system32\CatRoot_bak 2009-01-31 08:42 . 2008-06-14 19:00 272,512 --------- c:\windows\system32\DllCache\bthport.sys 2009-01-31 08:36 . 2008-05-08 13:28 202,752 --------- c:\windows\system32\DllCache\rmcast.sys 2009-01-31 08:35 . 2008-04-11 19:52 683,520 --------- c:\windows\system32\DllCache\inetcomm.dll 2009-01-31 08:35 . 2008-10-24 12:10 453,632 --------- c:\windows\system32\DllCache\mrxsmb.sys 2009-01-31 08:35 . 2008-12-11 12:57 333,184 --------- c:\windows\system32\DllCache\srv.sys 2009-01-31 08:35 . 2008-05-01 15:33 331,776 --------- c:\windows\system32\DllCache\msadce.dll 2009-01-31 08:34 . 2008-09-04 17:46 1,106,944 --------- c:\windows\system32\DllCache\msxml3.dll 2009-01-31 08:34 . 2008-10-15 18:01 332,800 --------- c:\windows\system32\DllCache\netapi32.dll 2009-01-31 08:34 . 2008-10-03 11:17 247,326 --------- c:\windows\system32\DllCache\strmdll.dll 2009-01-31 08:01 . 2009-01-31 08:01 <DIR> d-------- c:\program files\CCleaner 2009-01-31 07:51 . 2009-01-31 23:14 <DIR> d-------- C:\hijack . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-31 22:09 --------- d-----w c:\documents and settings\Rendszergazda\Application Data\uTorrent 2009-01-31 22:09 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP 2009-01-31 22:09 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2008-12-29 09:44 --------- d-----w c:\program files\Abev 2006 2008-12-12 17:36 3,081,216 ----a-w c:\windows\system32\DllCache\mshtml.dll 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-07 17:32 2,109,440 ------w c:\windows\system32\DllCache\WMVCore.dll 2008-11-04 15:41 951,552 ----a-w c:\windows\system32\oodtrrs.dll 2008-11-04 15:32 546,048 ----a-w c:\windows\system32\oodssrs.dll 2008-11-04 15:30 9,984 ----a-w c:\windows\system32\oodbsrs.dll 2008-11-04 15:29 8,448 ----a-w c:\windows\system32\oodagrs.dll 2008-11-04 15:28 12,544 ----a-w c:\windows\system32\oodagmg.dll . ------- Sigcheck ------- 2004-08-17 16:47 82944 af3cc3cb92fb06a47ce979fb9d2ca127 c:\windows\ServicePackFiles\i386\ws2_32.dll 2008-04-14 17:02 82432 ea551e1ab5ba99da3397517bdd278e94 c:\windows\SoftwareDistribution\Download\2bf244c34e0a21b28aea9a31cdb601b8\ws2_32.dll 2008-05-05 19:25 86528 bc2337e531b145bb01a0799ef68a7260 c:\windows\system32\ws2_32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-11-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MakeFolder"="c:\windows\makefolder.exe" [2006-11-14 69632] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "AtiPTA"="atiptaxx.exe" [2006-11-14 c:\windows\system32\atiptaxx.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-11-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) "ForceCopyAclwithFile"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) "ForceCopyAclwithFile"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax "msacm.divxa32"= DivXa32.acm "vidc.SEDG"= mcs_vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitComet\\Downloads\\utorrent.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"= R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-01-05 140800] R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-01-05 5248] S3 mpr_freader;MPR FileReader Driver; [x] S3 SIWIO;SIWIO;\??\c:\windows\TEMP\SiwIo.sys --> c:\windows\TEMP\SiwIo.sys [?] S4 Automatikus LiveUpdate ütemező;Automatikus LiveUpdate ütemező; [x] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211af712-ad4e-11db-9953-0016171134bd}] \Shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f501c6ea-a6d3-11db-992f-0016171134bd}] \Shell\AutoRun\command - F:\autorun.exe . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = http=https=ftp=gopher=socks= IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\q23eukeb.default\ . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-01 11:17:04 Windows 5.1.2600 Szervizcsomag 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADCEBDE1-208B-234C-85A4-1DD6F8B45DCC}] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "japobbkiodiellelkmng"=hex:62,61,6c,6d,00,00 "japobbkiodiellelkmjg"=hex:62,61,70,6d,00,00 "iaplgbjogfemikbjoe"=hex:6b,61,6f,6d,69,6a,67,68,70,6f,6a,6b,6c,6e,68,62,62,6d, 70,6d,6e,6f,00,00 "hafmplnbjcphkaff"=hex:6b,61,6f,6d,69,6a,67,68,70,6f,6a,6b,6c,6e,68,62,62,6d, 62,6e,68,62,00,00 [HKEY_USERS\Administrator\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(724) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\windows\system32\ati2evxx.exe . ************************************************************************** . Completion time: 2009-02-01 11:17:56 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-01 10:17:54 Pre-Run: 8 785 735 680 bájt szabad Post-Run: 8,711,254,016 bájt szabad 175 --- E O F --- 2009-01-31 08:36:10
vas. feb. 01, 2009 11:19

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	ha fent van a combofix szedle a geprol mert mar regi,start-futatas-masold be combofix /u ok es utana toldsd le ezt a combofixet ted az asztalra es futasd combofix logjat ted ide.
vas. feb. 01, 2009 10:36

intelfan05 vas-tag Csatlakozott: szomb. jan. 24, 2009 12:46 Hozzászólások: 7	sdfixlog Szia Stell ! Lefutott a Symantec remover és az SDFix is, de az sdfix mindig valami symantec-es dll fájl miatt reklamált. A remover ment le először.A combofix meg azt írja, hogy egy avg antivírus program van fenn, amit sehol nem találok, nem tudom leszedni. Itt a kért log file: SDFix: Version 1.240 Run by Rendszergazda on 2009-02-01 at 10:20 Microsoft Windows XP [verziószám: 5.1.2600] Running From: C:\SDFix Checking Services : Name : bqzpas Path : \??\C:\WINDOWS\system32\bqzpas.sys bqzpas - Deleted Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\739251~1 - Deleted C:\v - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-01 10:24:22 Windows 5.1.2600 Szervizcsomag 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:3ebcd9f5 "s2"=dword:afe52bd3 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:44,08,f5,85,83,a5,9a,19,2b,c1,40,d6,7e,21,87,49,83,ea,d7,2d,35,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:44,08,f5,85,83,a5,9a,19,2b,c1,40,d6,7e,21,87,49,83,ea,d7,2d,35,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" "TransmissionRetryTimeout"="90" "USERProcessHandleQuota"=dword:00002710 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADCEBDE1-208B-234C-85A4-1DD6F8B45DCC}] "japobbkiodiellelkmng"=hex:62,61,6c,6d,00,00 "japobbkiodiellelkmjg"=hex:62,61,70,6d,00,00 "iaplgbjogfemikbjoe"=hex:6b,61,6f,6d,69,6a,67,68,70,6f,6a,6b,6c,6e,68,62,62,6d,70,6d,6e,.. "hafmplnbjcphkaff"=hex:6b,61,6f,6d,69,6a,67,68,70,6f,6a,6b,6c,6e,68,62,62,6d,62,6e,68,.. scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\BitComet\\Downloads\\utorrent.exe"="C:\\Program Files\\BitComet\\Downloads\\utorrent.exe::Enabled:µTorrent" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe::Enabled:Microsoft Internet Explorer" "C:\\Documents and Settings\\Rendszergazda\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Rendszergazda\\Application Data\\SopCast\\adv\\SopAdver.exe::Enabled:SopCast Adver" "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe::Enabled:Kaspersky Anti-Virus 7.0 Setup" "C:\\Documents and Settings\\Rendszergazda\\Local Settings\\temp\\WZSE0.TMP\\SymNRT.exe"="C:\\Documents and Settings\\Rendszergazda\\Local Settings\\temp\\WZSE0.TMP\\SymNRT.exe::Enabled:Norton Removal Tool" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files* : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Finished!
vas. feb. 01, 2009 10:32
Hozzászólások megjelenítése: Rendezés

Oldal: 1 / 1

[ 9 hozzászólás ]

Ki van itt

Jelenlévő fórumozók: nincs regisztrált felhasználó valamint 1 vendég

Nem nyithatsz témákat ebben a fórumban.
Nem válaszolhatsz egy témára ebben a fórumban.
Nem szerkesztheted a hozzászólásaidat ebben a fórumban.
Nem törölheted a hozzászólásaidat ebben a fórumban.

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software for PTF.
Magyar fordítás © Magyar phpBB Közösség