They ran without any problems. The requested log files:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31:55, on 2009.02.01.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\makefolder.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijack\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=https=ftp=gopher=socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [MakeFolder] "C:\WINDOWS\makefolder.exe" /s
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 3261 bytes
ComboFix 09-01-31.01 - Rendszergazda 2009-02-01 13:26:57.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1038.18.511.227 [GMT 1:00]
Running from: c:\documents and settings\Rendszergazda\Asztal\Combo-Fix.exe
Command switches used :: c:\documents and settings\Rendszergazda\Asztal\CFScript.txt.txt
AV: AVG 7.5.463 *On-access scanning enabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MPR_FREADER
-------\Service_Automatikus LiveUpdate ütemező
-------\Service_mpr_freader
((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.
2009-02-01 11:11 . 2009-02-01 11:11 <DIR> d-------- C:\ComboFix
2009-02-01 10:20 . 2009-02-01 10:20 577,024 --a------ c:\windows\system32\DllCache\user32.dll
2009-02-01 10:19 . 2009-02-01 10:19 <DIR> d-------- c:\windows\ERUNT
2009-02-01 10:07 . 2009-02-01 10:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-31 22:51 . 2009-01-31 22:51 <DIR> d-------- c:\program files\VS Revo Group
2009-01-31 22:47 . 2009-01-31 22:50 <DIR> d-------- c:\program files\Unlocker
2009-01-31 22:15 . 2009-01-31 22:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg7
2009-01-31 21:41 . 2009-01-31 21:41 <DIR> d-------- c:\program files\Avira
2009-01-31 21:41 . 2009-01-31 21:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-31 21:11 . 2009-01-31 21:13 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-01-31 21:10 . 2009-01-31 21:57 <DIR> d-------- c:\windows\Internet Logs
2009-01-31 13:05 . 2009-01-31 13:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-31 08:43 . 2009-01-31 09:30 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-01-31 08:42 . 2008-06-14 19:00 272,512 --------- c:\windows\system32\DllCache\bthport.sys
2009-01-31 08:36 . 2008-05-08 13:28 202,752 --------- c:\windows\system32\DllCache\rmcast.sys
2009-01-31 08:35 . 2008-04-11 19:52 683,520 --------- c:\windows\system32\DllCache\inetcomm.dll
2009-01-31 08:35 . 2008-10-24 12:10 453,632 --------- c:\windows\system32\DllCache\mrxsmb.sys
2009-01-31 08:35 . 2008-12-11 12:57 333,184 --------- c:\windows\system32\DllCache\srv.sys
2009-01-31 08:35 . 2008-05-01 15:33 331,776 --------- c:\windows\system32\DllCache\msadce.dll
2009-01-31 08:34 . 2008-09-04 17:46 1,106,944 --------- c:\windows\system32\DllCache\msxml3.dll
2009-01-31 08:34 . 2008-10-15 18:01 332,800 --------- c:\windows\system32\DllCache\netapi32.dll
2009-01-31 08:34 . 2008-10-03 11:17 247,326 --------- c:\windows\system32\DllCache\strmdll.dll
2009-01-31 08:01 . 2009-01-31 08:01 <DIR> d-------- c:\program files\CCleaner
2009-01-31 07:51 . 2009-01-31 23:14 <DIR> d-------- C:\hijack
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 22:09 --------- d-----w c:\documents and settings\Rendszergazda\Application Data\uTorrent
2009-01-31 22:09 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-01-31 22:09 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-29 09:44 --------- d-----w c:\program files\Abev 2006
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-04 15:41 951,552 ----a-w c:\windows\system32\oodtrrs.dll
2008-11-04 15:32 546,048 ----a-w c:\windows\system32\oodssrs.dll
2008-11-04 15:30 9,984 ----a-w c:\windows\system32\oodbsrs.dll
2008-11-04 15:29 8,448 ----a-w c:\windows\system32\oodagrs.dll
2008-11-04 15:28 12,544 ----a-w c:\windows\system32\oodagmg.dll
.
------- Sigcheck -------
2004-08-17 16:47 82944 af3cc3cb92fb06a47ce979fb9d2ca127 c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-14 17:02 82432 ea551e1ab5ba99da3397517bdd278e94 c:\windows\SoftwareDistribution\Download\2bf244c34e0a21b28aea9a31cdb601b8\ws2_32.dll
2008-05-05 19:25 86528 bc2337e531b145bb01a0799ef68a7260 c:\windows\system32\ws2_32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-11-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MakeFolder"="c:\windows\makefolder.exe" [2006-11-14 69632]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"AtiPTA"="atiptaxx.exe" [2006-11-14 c:\windows\system32\atiptaxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-11-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"ForceCopyAclwithFile"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"ForceCopyAclwithFile"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.divxa32"= DivXa32.acm
"vidc.SEDG"= mcs_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\Downloads\\utorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-01-05 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-01-05 5248]
S3 SIWIO;SIWIO;\??\c:\windows\TEMP\SiwIo.sys --> c:\windows\TEMP\SiwIo.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{211af712-ad4e-11db-9953-0016171134bd}]
\Shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f501c6ea-a6d3-11db-992f-0016171134bd}]
\Shell\AutoRun\command - F:\autorun.exe
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.com/
uInternet Settings,ProxyServer = http=https=ftp=gopher=socks=
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\q23eukeb.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-02-01 13:29:10
Windows 5.1.2600 Szervizcsomag 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADCEBDE1-208B-234C-85A4-1DD6F8B45DCC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"japobbkiodiellelkmng"=hex:62,61,6c,6d,00,00
"japobbkiodiellelkmjg"=hex:62,61,70,6d,00,00
"iaplgbjogfemikbjoe"=hex:6b,61,6f,6d,69,6a,67,68,70,6f,6a,6b,6c,6e,68,62,62,6d,
70,6d,6e,6f,00,00
"hafmplnbjcphkaff"=hex:6b,61,6f,6d,69,6a,67,68,70,6f,6a,6b,6c,6e,68,62,62,6d,
62,6e,68,62,00,00
[HKEY_USERS\Administrator\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\ati2evxx.exe
.
**************************************************************************
.
Completion time: 2009-02-01 13:30:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-01 12:30:01
ComboFix2.txt 2009-02-01 10:17:57
Pre-Run: 8 719 831 040 bájt szabad
Post-Run: 8,709,931,008 bájt szabad
157 --- E O F --- 2009-01-31 08:36:10