I ran CCleaner (without Analyze), then ran ComboFix; it finished. Here is the log txt file, I assume you want it... Is everything OK so far?
ComboFix 09-11-05.05 - hello 009.11.06. 18:30.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.2047.1376 [GMT 1:00]
Running from: c:\documents and settings\hello\Asztal\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091106-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.
2009-11-06 17:01 . 2009-11-06 17:01 -------- d-----w- c:\program files\CCleaner
2009-11-05 20:01 . 2009-10-21 15:49 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-04 17:11 . 2009-10-17 06:44 2025752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-11-04 17:06 . 2009-11-04 17:06 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-04 17:06 . 2009-11-04 17:06 -------- d-----w- c:\program files\Alien Shooter
2009-11-04 17:06 . 2009-11-04 17:06 -------- d-----w- C:\BDS
2009-11-02 00:20 . 2009-11-02 00:20 -------- d-----w- c:\documents and settings\hello\Local Settings\Application Data\Aspyr
2009-10-29 22:54 . 2009-10-29 22:54 -------- d-----w- c:\program files\DIFX
2009-10-27 01:33 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-27 01:33 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-27 01:33 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-27 01:33 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-27 01:33 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-27 01:33 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-27 01:33 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-27 01:33 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-27 01:33 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-27 01:33 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-10-27 01:33 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-10-27 01:33 . 2009-10-27 01:33 -------- d-----w- c:\program files\Alwil Software
2009-10-17 07:50 . 2009-10-17 07:50 22328 ----a-w- c:\documents and settings\hello\Application Data\PnkBstrK.sys
2009-10-17 07:50 . 2009-10-17 07:50 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-10 09:46 . 2009-10-17 16:50 -------- d-----w- c:\documents and settings\hello\Local Settings\Application Data\Lucasarts
2009-10-10 00:33 . 2009-10-10 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SWTCWRH
2009-10-10 00:31 . 2009-10-10 00:31 -------- d-----w- c:\windows\11AE680750D24F5982B32C3E695E94C2.TMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 17:28 . 2009-09-24 15:37 -------- d-----w- c:\documents and settings\hello\Application Data\Skype
2009-11-06 17:25 . 2009-02-06 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-06 16:25 . 2009-01-10 17:52 -------- d-----w- c:\documents and settings\hello\Application Data\uTorrent
2009-11-06 16:24 . 2009-02-06 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-06 15:47 . 2009-09-24 15:43 -------- d-----w- c:\documents and settings\hello\Application Data\skypePM
2009-11-04 17:33 . 2008-12-16 21:16 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2009-11-02 17:04 . 2008-12-17 17:56 14576 ----a-w- c:\documents and settings\hello\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-01 22:57 . 2008-12-15 21:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-01 10:12 . 2009-02-25 22:30 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-01 10:12 . 2009-02-25 22:30 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-19 06:11 . 2008-04-15 12:00 130686 ----a-w- c:\windows\system32\perfc00E.dat
2009-10-19 06:11 . 2008-04-15 12:00 124000 ----a-w- c:\windows\system32\perfh00E.dat
2009-10-19 00:05 . 2008-12-16 21:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-17 21:59 . 2008-12-26 18:08 -------- d-----w- c:\program files\Electronic Arts
2009-10-17 07:50 . 2009-01-27 15:32 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-17 07:50 . 2009-01-27 15:32 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-17 07:50 . 2009-01-27 15:32 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-10 00:31 . 2009-06-01 08:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-06 04:52 . 2009-10-06 04:52 -------- d-----w- c:\program files\FIFA 10
2009-10-03 23:52 . 2009-02-06 18:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-01 08:26 . 2009-10-06 05:05 342599 ----a-w- c:\windows\fifa10_uninstall.exe
2009-09-29 12:14 . 2009-09-28 19:26 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-28 19:26 . 2009-09-28 19:23 -------- d-----w- c:\program files\Windows Live
2009-09-28 19:25 . 2009-09-28 19:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-28 19:24 . 2009-09-28 19:24 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-28 19:23 . 2009-09-28 19:23 -------- d-----w- c:\program files\Microsoft
2009-09-28 19:23 . 2009-09-28 19:23 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-28 19:17 . 2009-09-28 19:17 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-24 15:43 . 2009-09-24 15:43 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-24 15:38 . 2009-01-16 14:03 -------- d-----w- c:\program files\Google
2009-09-24 15:37 . 2009-09-24 15:36 -------- d-----r- c:\program files\Skype
2009-09-24 15:36 . 2009-09-24 15:36 -------- d-----w- c:\program files\Common Files\Skype
2009-09-24 15:36 . 2009-09-24 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-21 18:04 . 2009-09-21 18:03 -------- d-----w- c:\program files\3DO
2009-09-21 18:04 . 2009-09-21 18:03 -------- d-----w- c:\program files\Common Files\3DO Shared
2009-09-19 21:53 . 2009-08-19 20:09 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-19 20:06 . 2009-09-19 20:06 -------- d-----w- c:\program files\Common Files\DirectX
2009-09-11 14:19 . 2008-04-15 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:59 . 2008-04-15 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2008-04-15 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 11:36 . 2009-08-14 11:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-04_18.45.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-06 16:26 . 2009-11-06 16:26 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
+ 2009-11-06 16:26 . 2009-11-06 16:26 16384 c:\windows\Temp\Perflib_Perfdata_654.dat
+ 2009-11-06 16:26 . 2009-11-06 16:26 16384 c:\windows\Temp\Perflib_Perfdata_280.dat
+ 2008-12-16 20:35 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2008-12-15 21:10 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2008-12-15 21:10 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2009-11-04 19:24 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-11-04 19:24 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2008-12-15 21:10 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2008-12-15 21:10 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-15 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-15 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2008-12-15 21:10 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2008-12-15 21:10 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2008-12-15 21:10 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2009-11-04 19:24 . 2009-08-06 18:23 575704 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.4.7600.226\wuapi.dll
+ 2008-10-16 13:07 . 2009-08-06 18:23 215920 c:\windows\system32\muweb.dll
+ 2008-12-17 17:12 . 2009-08-06 18:23 274288 c:\windows\system32\mucltui.dll
+ 2009-11-03 17:24 . 2009-11-06 16:30 224631 c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-12-15 21:10 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2008-12-15 21:10 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2008-12-15 21:10 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-11-04 19:26 . 2008-07-08 13:05 398200 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-04 19:26 . 2008-07-08 13:05 233848 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2008-12-15 21:10 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2008-04-15 12:00 . 2009-10-22 09:18 5939712 c:\windows\system32\mshtml.dll
+ 2008-12-15 21:10 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2008-04-15 12:00 . 2009-10-22 09:18 5939712 c:\windows\system32\dllcache\mshtml.dll
+ 2009-11-04 19:26 . 2009-08-29 07:59 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe" [2007-03-29 222128]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-03-25 1130496]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-18 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Jet Screenshot"="c:\program files\Jet Screenshot\jetScreenshot.exe" [2009-05-10 3804160]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-07-04 5968384]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-11 13524992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-11 86016]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-03-25 380928]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-13 16871936]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-04-11 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\hello\Start Menu\Programs\Indítópult\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-1-18 575488]
Registration Ghost Recon Advanced WarfighterR 2.LNK - d:\games\Ubisoft\Ghost Recon Advanced Warfighter 2\Support\Register\RegistrationReminder.exe [2009-10-30 874000]
Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK - d:\games\Ubisoft\Heroes of Might and Magic V\registrationa1\RegistrationReminder.exe [2009-9-28 868352]
Registration Heroes of Might & Magic 5 - Tribes of the East.LNK - d:\games\Ubisoft\Heroes of Might and Magic V\Tribes of the East\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe [2009-10-1 868352]
Registration Heroes of Might & Magic 5.LNK - d:\games\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [2009-9-28 868352]
c:\documents and settings\All Users\Start Menu\Programs\Indítópult\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digest32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\AgeOfEmpiresII\\empires2.exe"=
"c:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX9.exe"=
"c:\\Program Files\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX10.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"d:\\GAMES\\Valve\\Condition Zero\\czero.exe"=
"d:\\GAMES\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\WINDOWS\\system32\\nvsvc32.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"d:\\GAMES\\TimeGate Studios\\section 8\\Binaries\\S8Game-F.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\GAMES\\LucasArts\\Republic Heroes\\Republic Heroes.exe"=
"d:\\GAMES\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"d:\\GAMES\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\GAMES\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\GAMES\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"d:\\GAMES\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"d:\\GAMES\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"4719:TCP"= 4719:TCP:4719
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009.10.27. 2:33 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009.10.27. 2:33 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009.09.28. 20:26 54752]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008.12.15. 22:40 36864]
S2 gupdate1ca3d2ceec936e0;Google Update Service (gupdate1ca3d2ceec936e0);c:\program files\Google\Update\GoogleUpdate.exe [2009.09.24. 16:37 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009.08.05. 21:48 704864]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-24 15:37]
2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-24 15:37]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-06 18:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys sphe.sys >>UNKNOWN [0x89E03938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
atapi.sys @ 0x0 0x0 bytes
\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xBA5FCB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xBA5FCB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xBA5FCB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xBA8E98B4 sfsync02.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xBA5FCB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xBA5FCB40 atapi.sys
\Driver\atapi IRP hooks detected !
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1757981266-2000478354-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1757981266-2000478354-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:af,d0,f5,a2,88,07,fb,7d,8d,3d,84,8e,a6,b6,fb,b0,95,ee,d5,b3,43,f9,f4,
17,dd,14,12,62,a5,f3,3a,3e,83,33,55,9e,7b,d6,f2,7e,1f,0d,04,87,9c,e4,80,ca,\
"??"=hex:2e,5f,b1,3a,8e,74,11,82,c5,eb,9b,58,27,56,e8,01
[HKEY_USERS\S-1-5-21-1757981266-2000478354-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:ef,54,e1,8c,6f,bc,fb,d6,59,18,d3,77,c2,6f,ad,d6,70,9a,75,e8,da,
0a,c0,a4,4e,f6,dc,c6,21,74,e7,00,bb,f0,ad,a8,2a,e1,e5,f5,0e,7a,24,38,c8,75,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(4696)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-06 18:37
ComboFix-quarantined-files.txt 2009-11-06 17:37
ComboFix2.txt 2009-11-04 18:49
Pre-Run: 52 571 471 872 bytes free
Post-Run: 52 527 468 544 bytes free
- - End Of File - - 5E120906B404506B19F07503369ED05B
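Added example (my own code, not ComboFix's, GMER's or the poster's): a small Python triage script for the two parts of this log that a helper would check before answering "everything OK". The first is GMER's MBR-detector output: every `\Driver\atapi` dispatch entry is redirected, one of them into sfsync02.sys, and the "called modules" chain ends in an unknown address (0x89E03938). The second is the firewall's GloballyOpenPorts list, which has 3389/TCP (Remote Desktop) and an unnamed 4719/TCP open, with inbound ICMP echo allowed. The sample lines are copied from the log above. The KNOWN_HOOKERS allowlist and the WATCHED_PORTS table are assumptions of this example; sfsync02.sys is the StarForce copy-protection driver, and attributing sphe.sys to SPTD is a guess based on DAEMON Tools Lite being in the Run key, not something the log itself proves.

```python
"""Triage helpers for the GMER sections of a ComboFix log.

Added example, not code from ComboFix, GMER or the forum post. It parses
the MBR detector's "called modules" line, the atapi IRP hook table and the
XP firewall GloballyOpenPorts list, then returns what to chase first.
SAMPLE is copied from the log above; KNOWN_HOOKERS and WATCHED_PORTS are
this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Lines copied from the ComboFix log above.
SAMPLE = r"""
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys sphe.sys >>UNKNOWN [0x89E03938]<<
\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xBA5FCB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xBA5FCB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xBA5FCB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xBA8E98B4 sfsync02.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xBA5FCB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xBA5FCB40 atapi.sys
\Driver\atapi IRP hooks detected !
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"4719:TCP"= 4719:TCP:4719
"""

# GMER prints: \Driver\<obj> [ IRP_MJ_X ] <expected offset> != <actual addr> <module>
IRP_HOOK_RE = re.compile(
    r"^\\Driver\\(?P<driver>\S+) \[ (?P<irp>IRP_MJ_\w+) \] "
    r"(?P<offset>0x[0-9A-Fa-f]+) != (?P<addr>0x[0-9A-Fa-f]+) (?P<module>\S+)$"
)
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# ComboFix prints: "<port>:<proto>"= <port>:<proto>:<display name>
OPEN_PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<name>.*)$'
)

# Assumption of this example: modules an analyst has already attributed.
# sfsync02.sys is StarForce copy protection; sphe.sys is a guess (SPTD,
# installed by DAEMON Tools Lite, which is in the Run key above).
KNOWN_HOOKERS = {
    "sfsync02.sys": "StarForce copy-protection driver",
    "sphe.sys": "likely SPTD (DAEMON Tools Lite)",
}
# Assumption of this example: services that should never be open by accident.
WATCHED_PORTS = {(3389, "TCP"): "Remote Desktop"}


@dataclass(frozen=True)
class IrpHook:
    driver: str  # driver object whose dispatch table was checked
    irp: str     # IRP major function
    offset: str  # offset GMER expected inside the driver image
    addr: str    # address the dispatch entry actually points to
    module: str  # module that contains that address


def parse_irp_hooks(lines: List[str]) -> List[IrpHook]:
    hooks = []
    for line in lines:
        m = IRP_HOOK_RE.match(line.strip())
        if m:
            hooks.append(IrpHook(**m.groupdict()))
    return hooks


def foreign_hooks(hooks: List[IrpHook]) -> List[IrpHook]:
    """Entries whose target lives in a module other than the driver's own image."""
    return [h for h in hooks if h.module.lower() != h.driver.lower() + ".sys"]


def unattributed_hooks(hooks: List[IrpHook]) -> List[IrpHook]:
    """Foreign hooks nobody has explained yet; these go to the top of the list."""
    return [h for h in foreign_hooks(hooks) if h.module.lower() not in KNOWN_HOOKERS]


def unknown_call_targets(lines: List[str]) -> List[str]:
    """Addresses in the call chain that GMER could not map to any module."""
    return [m.group(1) for line in lines for m in [UNKNOWN_RE.search(line)] if m]


def parse_open_ports(lines: List[str]) -> List[Tuple[int, str, str]]:
    ports = []
    for line in lines:
        m = OPEN_PORT_RE.match(line.strip())
        if m:
            ports.append((int(m["port"]), m["proto"], m["name"]))
    return ports


def exposed_ports(ports: List[Tuple[int, str, str]]) -> List[Tuple[int, str, str]]:
    """Watched services, plus entries whose display name is just the port number."""
    flagged = []
    for port, proto, name in ports:
        reason = WATCHED_PORTS.get((port, proto))
        if reason is None and name.strip().isdigit():
            reason = "no descriptive name"
        if reason:
            flagged.append((port, proto, reason))
    return flagged


def triage(lines: List[str]) -> Dict[str, object]:
    hooks = parse_irp_hooks(lines)
    return {
        "unknown_call_targets": unknown_call_targets(lines),
        "foreign_hooks": foreign_hooks(hooks),
        "unattributed_hooks": unattributed_hooks(hooks),
        "exposed_ports": exposed_ports(parse_open_ports(lines)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE.splitlines()).items():
        print(key, value)
```

On this log the script leaves nothing in `unattributed_hooks` once sfsync02.sys is on the allowlist, which matches how a gaming box with StarForce titles usually looks; what it still returns is the unknown call target, which GMER could not map to any loaded module, and the two open ports. Those are the questions to put back to the poster: whether Remote Desktop on 3389/TCP and the unnamed 4719/TCP rule were opened on purpose, given that the same firewall profile also answers inbound ping.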