Terminál Fórum - Téma megtekintése - sokat fagy ill. újraindul

Megválaszolatlan hozzászólások | Aktív témák

Pontos idő: vas. nov. 10, 2024 20:47

sokat fagy ill. újraindul

Moderátorok: Wiki, Moderátorok

Oldal: 2 / 3

[ 106 hozzászólás ]

Oldal Előző 1, 2, 3 Következő

Nyomtatóbarát verzió

Előző téma | Következő téma

sokat fagy ill. újraindul

Szerző	Üzenet
stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul igen,minden pontot kitorolhetsz a CCleaneral,,es aztan ha minden jo lesz csinalhatsz ujat,ugyanugy ahogy visszaalitotad,de most a varazsloval csinalsz ujat-minden oda van irva. Virussok nincsenek, a prefetch-torold most es aztan meg tisztids ki a gepet CCleaneral meg az ATF-cleaneral: http://virus-stell.blogspot.com/2010/04 ... ztito.html Olvasd figyelmesen es a jelszavakat ne torold le,,es aztan mar ha minden jo akkor mar nebansad a gepet,ne telepts semmit se.
pén. aug. 06, 2010 13:05

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul CCleanernél a rendszerhelyreállításnál töröljek ki mindent? Automata frissítést kikapcsoltam. prefetch törlését majd a legvégén csináljuk? vírusok azok már nincsenek....azok végérvényesen kinyírtuk, ugye?
pén. aug. 06, 2010 12:33

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== FILES ========== File/Folder C:\WINDOWS\system32\.tmp.dll not found. File/Folder C:\WINDOWS\system32\SET.tmp not found. C:\WINDOWS\Installer\MSI8FC.tmp moved successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Exif Launcher S.lnk moved successfully. C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\Data folder moved successfully. C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage folder moved successfully. C:\Program Files\Alwil Software\Avast5\Setup folder moved successfully. C:\Program Files\Alwil Software\Avast5\Lic folder moved successfully. C:\Program Files\Alwil Software\Avast5\flash\ammap\maps folder moved successfully. C:\Program Files\Alwil Software\Avast5\flash\ammap\icons folder moved successfully. C:\Program Files\Alwil Software\Avast5\flash\ammap folder moved successfully. C:\Program Files\Alwil Software\Avast5\flash folder moved successfully. C:\Program Files\Alwil Software\Avast5\defs\10080500 folder moved successfully. C:\Program Files\Alwil Software\Avast5\defs folder moved successfully. C:\Program Files\Alwil Software\Avast5\1038 folder moved successfully. C:\Program Files\Alwil Software\Avast5 folder moved successfully. C:\Program Files\Alwil Software folder moved successfully. C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\Spamconf folder moved successfully. C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\sounds folder moved successfully. C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report folder moved successfully. C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\log folder moved successfully. C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\HtmlData folder moved successfully. C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\fw folder moved successfully. C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\chest folder moved successfully. C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5 folder moved successfully. C:\Documents and Settings\All Users\Application Data\Alwil Software folder moved successfully. ========== SERVICES/DRIVERS ========== Service zlportio stopped successfully! Service zlportio deleted successfully! ========== COMMANDS ========== [EMPTYTEMP] User: admin ->Temp folder emptied: 77041635 bytes ->Temporary Internet Files folder emptied: 890442 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 41157231 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 405 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 106450 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 57840106 bytes Total Files Cleaned = 169.00 mb OTM by OldTimer - Version 3.1.15.0 log created on 08062010_132005 Files moved on Reboot... Registry entries deleted on Reboot...
pén. aug. 06, 2010 12:28

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul igen-keveseb a hely-mivel ott van a sok frissites,kapcsold ki az automatikus frissiteset -mert ugy nezki hogy a rendszer nem legalis. Kitorolom az Avastot is aztan majd feltelepited-ajanlom a CCleaneral-talald meg a mai visszaalitasi pontot es torold ki-mert ha leesik valamikor a rendszer visszaalithatja az eredetiseg vizsgalatat. http://oldtimer.geekstogo.com/OTM.exe toldsd le-es futtasd le ezt a scriptet,mar tudod hogyan kel. Kód: :processes explorer.exe :files C:\WINDOWS\system32\.tmp.dll /s C:\WINDOWS\system32\SET.tmp /s C:\WINDOWS\*.tmp /s C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Exif Launcher S.lnk C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage C:\Program Files\Alwil Software C:\Documents and Settings\All Users\Application Data\Alwil Software :services zlportio :commands [emptytemp] [start explorer] [Reboot]
pén. aug. 06, 2010 12:19

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul Vírusírtó után is több hely volt.... A vírusok már kiírtva vannak, azokat nem kell újból ugye??? ___________ Logfile of random's system information tool 1.08 (written by random/random) Run by admin at 2010-08-06 13:02:53 Microsoft Windows XP Professional Szervizcsomag 2 System drive C: has 4 GB (20%) free of 20 GB Total RAM: 503 MB (56% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:03:14, on 2010/08/06 Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\PixArt\PAC207\Monitor.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\FinePixViewerS\QuickDCF2.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\admin\Asztal\RSIT.exe C:\Program Files\trend micro\admin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkoz?ok O2 - BHO: Adobe PDF Reader hivatkoz?s? - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file) O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Windows Live ????? ??? - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file) O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [WeatherBugAlert] "C:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe" /st O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: ?????????? - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: Windows Live Writer ?????????????????(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file) O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui el?et?t?e - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Komponenskateg?i? gyors???az?i szolg?tat?a - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour ?·? (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Logikai lemezkezel·fel·yeleti szolg?tat? (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Esem?ynapl (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Google ????· ?·? (gupdate1c9de067a73b746) (gupdate1c9de067a73b746) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: IMAPI CD-?et·COM-szolg?tat? (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: iPod ?·? (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NetMeeting t?oli asztalmegoszt? (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: T?oli asztal s?·munkamenet?ek kezel?e (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Intelligens k?tya (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe O23 - Service: Teljes?m?ynapl? ? riaszt?ok (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe O23 - Service: K?et ?ny?m?olata (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: WMI teljes?m?yadapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe -- End of file - 10944 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader hivatkozássúgó - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}] Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ????? ???— - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-04 814648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {32099AAC-C132-4136-9E9A-4E364A424E17} {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-06 77824] "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-05-07 159744] "Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488] "fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-08-05 647520] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176] "WeatherBugAlert"=C:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe [2009-07-08 442368] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Documents and Settings\admin\Start Menu\Programs\Indítópult OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2006-06-06 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Akademiai Kiado\Akademiai Elektronikus Konyvtar\bin\NPLocal.exe"="C:\Program Files\Akademiai Kiado\Akademiai Elektronikus Konyvtar\bin\NPLocal.exe::Enabled:NXT Personal Edition HTTP Server" "C:\Program Files\utorrent\utorrent.exe"="C:\Program Files\utorrent\utorrent.exe::Enabled:?Torrent" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe::Enabled:Sony Ericsson Media Manager 1.2" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe::Enabled:Windows Live Sync" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE::Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE::Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE::Enabled:Microsoft Office OneNote" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe::Enabled:Skype Extras Manager" "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe::Enabled:T?seg?s? - Windows Messenger ? besz?kapcsolat" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour ???" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe::Enabled:Malwarebytes' Anti-Malware" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe::Enabled:Windows Live Messenger 8.0 (Phone)" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" ======List of files/folders created in the last 1 months====== 2010-08-06 13:02:53 ----D---- C:\rsit 2010-08-06 12:41:49 ----D---- C:\Program Files\Common Files\DESIGNER 2010-08-06 11:37:51 ----DC---- C:\WINDOWS\$NtUninstallKB980218$ 2010-08-06 11:37:32 ----DC---- C:\WINDOWS\$NtUninstallKB960859$ 2010-08-06 11:33:39 ----DC---- C:\WINDOWS\$NtUninstallKB971468$ 2010-08-06 11:33:26 ----DC---- C:\WINDOWS\$NtUninstallKB979683$ 2010-08-06 11:33:05 ----DC---- C:\WINDOWS\$NtUninstallKB958869$ 2010-08-06 11:32:37 ----DC---- C:\WINDOWS\$NtUninstallKB954155_WM9$ 2010-08-06 11:32:28 ----DC---- C:\WINDOWS\$NtUninstallKB980195$ 2010-08-06 11:32:11 ----DC---- C:\WINDOWS\$NtUninstallKB980232$ 2010-08-06 11:32:01 ----DC---- C:\WINDOWS\$NtUninstallKB938828$ 2010-08-06 11:31:50 ----DC---- C:\WINDOWS\$NtUninstallKB955759$ 2010-08-06 11:31:40 ----DC---- C:\WINDOWS\$NtUninstallKB974318$ 2010-08-06 11:31:25 ----DC---- C:\WINDOWS\$NtUninstallKB969059$ 2010-08-06 11:31:14 ----DC---- C:\WINDOWS\$NtUninstallKB2229593$ 2010-08-06 11:31:03 ----DC---- C:\WINDOWS\$NtUninstallKB978037$ 2010-08-06 11:30:32 ----DC---- C:\WINDOWS\$NtUninstallKB975713$ 2010-08-06 11:30:22 ----DC---- C:\WINDOWS\$NtUninstallKB971657$ 2010-08-06 11:30:13 ----DC---- C:\WINDOWS\$NtUninstallKB978338$ 2010-08-06 11:30:03 ----DC---- C:\WINDOWS\$NtUninstallKB946026$ 2010-08-06 11:29:27 ----DC---- C:\WINDOWS\$NtUninstallKB972270$ 2010-08-06 11:26:03 ----DC---- C:\WINDOWS\$NtUninstallKB974112$ 2010-08-06 11:25:49 ----DC---- C:\WINDOWS\$NtUninstallKB956844$ 2010-08-06 11:21:18 ----DC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-08-06 11:21:09 ----DC---- C:\WINDOWS\$NtUninstallKB973869$ 2010-08-06 11:21:01 ----DC---- C:\WINDOWS\$NtUninstallKB975025$ 2010-08-06 11:20:50 ----DC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$ 2010-08-06 11:20:45 ----DC---- C:\WINDOWS\$NtUninstallKB974571$ 2010-08-06 11:20:33 ----DC---- C:\WINDOWS\$NtUninstallKB975560$ 2010-08-06 11:20:20 ----DC---- C:\WINDOWS\$NtUninstallKB973507$ 2010-08-06 11:19:06 ----DC---- C:\WINDOWS\$NtUninstallKB977816$ 2010-08-06 11:18:38 ----DC---- C:\WINDOWS\$NtUninstallKB973687$ 2010-08-06 11:16:35 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2010-08-06 11:11:00 ----DC---- C:\WINDOWS\$NtUninstallKB981793$ 2010-08-06 11:10:42 ----DC---- C:\WINDOWS\$NtUninstallKB978601$ 2010-08-06 10:59:20 ----SHD---- C:\Config.Msi 2010-08-06 10:56:58 ----DC---- C:\WINDOWS\$NtUninstallKB979559$ 2010-08-06 10:55:48 ----DC---- C:\WINDOWS\$NtUninstallKB973904$ 2010-08-06 10:55:38 ----DC---- C:\WINDOWS\$NtUninstallKB974392$ 2010-08-06 10:55:26 ----DC---- C:\WINDOWS\$NtUninstallKB945553$ 2010-08-06 10:55:06 ----DC---- C:\WINDOWS\$NtUninstallKB977914$ 2010-08-06 10:54:50 ----DC---- C:\WINDOWS\$NtUninstallKB978542$ 2010-08-06 10:54:42 ----DC---- C:\WINDOWS\$NtUninstallKB979309$ 2010-08-06 10:54:33 ----DC---- C:\WINDOWS\$NtUninstallKB978695_WM9$ 2010-08-06 10:54:27 ----DC---- C:\WINDOWS\$NtUninstallKB979482$ 2010-08-06 10:54:17 ----DC---- C:\WINDOWS\$NtUninstallKB978706$ 2010-08-06 10:54:02 ----D---- C:\WINDOWS\ServicePackFiles 2010-08-06 10:54:00 ----DC---- C:\WINDOWS\$NtUninstallKB958470$ 2010-08-06 10:53:49 ----DC---- C:\WINDOWS\$NtUninstallKB973815$ 2010-08-06 10:53:36 ----DC---- C:\WINDOWS\$NtUninstallKB975562$ 2010-08-06 10:44:42 ----DC---- C:\WINDOWS\$NtUninstallKB971032$ 2010-08-06 10:44:09 ----DC---- C:\WINDOWS\$NtUninstallKB979402_WM9L$ 2010-08-06 10:40:31 ----DC---- C:\WINDOWS\$NtUninstallKB943055$ 2010-08-06 10:40:08 ----DC---- C:\WINDOWS\$NtUninstallKB975467$ 2010-08-06 10:39:55 ----A---- C:\WINDOWS\imsins.BAK 2010-08-06 10:39:48 ----DC---- C:\WINDOWS\$NtUninstallKB968389$ 2010-08-06 08:38:58 ----D---- C:\Program Files\Safari 2010-08-05 23:00:50 ----D---- C:\Program Files\Alwil Software 2010-08-05 23:00:50 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software 2010-08-05 19:40:46 ----SHD---- C:\RECYCLER 2010-08-05 19:13:33 ----D---- C:\WINDOWS\temp 2010-08-05 15:22:33 ----A---- C:\Boot.bak 2010-08-05 15:22:21 ----RASHD---- C:\cmdcons 2010-08-05 15:19:01 ----D---- C:\WINDOWS\ERDNT 2010-08-05 14:58:53 ----D---- C:\Program Files\CCleaner 2010-08-05 12:08:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-08-05 11:49:45 ----D---- C:\Documents and Settings\admin\Application Data\Malwarebytes 2010-08-05 11:49:37 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-08-05 11:42:48 ----D---- C:\Program Files\trend micro 2010-07-28 13:25:17 ----D---- C:\Program Files\Larousse ======List of files/folders modified in the last 1 months====== 2010-08-06 12:47:30 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-08-06 12:45:27 ----SHD---- C:\WINDOWS\Installer 2010-08-06 12:43:27 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2010-08-06 12:42:12 ----D---- C:\WINDOWS\WinSxS 2010-08-06 12:41:49 ----D---- C:\WINDOWS\system32 2010-08-06 12:41:49 ----D---- C:\Program Files\Common Files 2010-08-06 12:41:17 ----D---- C:\Program Files\Common Files\Microsoft Shared 2010-08-06 12:41:16 ----RSD---- C:\WINDOWS\Fonts 2010-08-06 12:36:05 ----HD---- C:\WINDOWS\inf 2010-08-06 12:28:18 ----D---- C:\WINDOWS\system32\config 2010-08-06 12:28:02 ----D---- C:\WINDOWS\system32\wbem 2010-08-06 12:28:02 ----D---- C:\WINDOWS\Registration 2010-08-06 12:27:53 ----D---- C:\WINDOWS 2010-08-06 12:27:14 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-08-06 12:27:14 ----D---- C:\WINDOWS\system32\drivers 2010-08-06 12:26:19 ----D---- C:\Program Files\Outlook Express 2010-08-06 12:26:15 ----D---- C:\Program Files\Internet Explorer 2010-08-06 12:26:08 ----D---- C:\Program Files\Microsoft Works 2010-08-06 12:25:13 ----D---- C:\Program Files\Movie Maker 2010-08-06 12:24:54 ----D---- C:\Program Files\Microsoft Silverlight 2010-08-06 12:24:12 ----D---- C:\WINDOWS\system32\Setup 2010-08-06 12:24:04 ----D---- C:\WINDOWS\AppPatch 2010-08-06 12:23:38 ----D---- C:\WINDOWS\system32\Restore 2010-08-06 11:59:23 ----D---- C:\WINDOWS\Microsoft.NET 2010-08-06 11:59:18 ----RSD---- C:\WINDOWS\assembly 2010-08-06 11:40:22 ----D---- C:\WINDOWS\system32\CatRoot2 2010-08-06 11:33:37 ----HD---- C:\WINDOWS\$hf_mig$ 2010-08-06 11:33:13 ----D---- C:\WINDOWS\ie8updates 2010-08-06 10:59:00 ----A---- C:\WINDOWS\WIN.INI 2010-08-06 10:54:35 ----D---- C:\WINDOWS\Prefetch 2010-08-06 10:41:10 ----D---- C:\Program Files 2010-08-06 10:02:07 ----D---- C:\WINDOWS\system32\CatRoot 2010-08-06 10:01:13 ----D---- C:\WINDOWS\system32\CatRoot_bak 2010-08-05 22:56:16 ----A---- C:\WINDOWS\WINCMD.INI 2010-08-05 22:50:59 ----RASH---- C:\boot.ini 2010-08-05 19:40:46 ----SHD---- C:\System Volume Information 2010-08-05 19:40:45 ----D---- C:\WINDOWS\twain_32 2010-08-05 19:02:14 ----A---- C:\WINDOWS\system.ini 2010-08-05 19:02:02 ----D---- C:\WINDOWS\system32\drivers\etc 2010-08-05 16:39:56 ----SD---- C:\WINDOWS\Tasks 2010-08-05 15:11:13 ----D---- C:\WINDOWS\SxsCaPendDel 2010-08-05 15:01:22 ----D---- C:\WINDOWS\Minidump 2010-08-05 15:01:22 ----D---- C:\WINDOWS\Debug 2010-08-04 17:12:40 ----A---- C:\WINDOWS\NeroDigital.ini 2010-08-04 11:24:20 ----D---- C:\Program Files\Mahjong Quest 2 2010-08-04 09:18:52 ----D---- C:\WINDOWS\Help 2010-08-03 21:13:05 ----D---- C:\Documents and Settings\admin\Application Data\uTorrent 2010-08-03 07:47:27 ----D---- C:\Program Files\Mozilla Firefox 2010-07-29 00:12:43 ----D---- C:\Documents and Settings\admin\Application Data\Skype 2010-07-28 20:48:01 ----D---- C:\Documents and Settings\admin\Application Data\skypePM 2010-07-28 13:34:40 ----HD---- C:\Program Files\InstallShield Installation Information 2010-07-27 03:51:38 ----D---- C:\Documents and Settings\All Users\Application Data\HP 2010-07-22 12:23:28 ----D---- C:\Program Files\K-Lite Codec Pack 2010-07-19 13:01:19 ----D---- C:\Documents and Settings\admin\Application Data\Spider Player ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2007-06-04 874240] R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2008-08-20 44944] R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-11-02 76672] R1 intelppm;Intel processzor illesztőprogramja; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 40320] R1 kbdhid;Billentyűzet HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848] R1 WmiAcpi;Microsoft Windows ACPI kezelő felület; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672] R3 BCM43XX;Broadcom 802.11 hálózati adapter illesztőprogramja; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-11-01 604928] R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472] R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-02-12 625664] R3 HDAudBus;Microsoft UAA busz-illesztőprogram - High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-04-23 16768] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-20 988800] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-20 209664] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-06 1168860] R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632] R3 usbuhci;Microsoft USB univerzális állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-20 730112] S3 a016bus;Sony Ericsson Device A016 driver (WDM); C:\WINDOWS\system32\DRIVERS\a016bus.sys [2008-01-18 83880] S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter; C:\WINDOWS\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016] S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\a016mdm.sys [2008-01-18 110504] S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488] S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\a016obex.sys [2008-01-18 100648] S3 CCDECODE;Feliratdekódoló; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024] S3 gUSBSTOi;gUSBSTOi; \??\C:\DOCUME~1\admin\LOCALS~1\Temp\gUSBSTOi.sys [] S3 HidUsb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-06 49920] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-06 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-06 21568] S3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] S3 MSTEE;Microsoft Streaming Tee/Sink - Sink átalakító; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI kodek; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376] S3 NdisIP;Microsoft TV-/videokapcsolat; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [] S3 PAC207;CIF USB Camera; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 505984] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [] S3 usbaudio;USB audio-illesztőprogram (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264] S3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Microsoft USB PRINTER osztály; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 usbscan;USB-képolvasó illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 usbvideo;USB videoeszköz (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext kodek; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-11-02 82560] S3 zlportio;zlportio; \??\C:\Program Files\UltraStar Deluxe\zlportio.sys [] S4 s24trans;WLAN-szállítási mód; C:\WINDOWS\system32\DRIVERS\s24trans.sys [] S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-15 691696] S4 WS2IFSL;Windows Socket 2.0 - nem IFS-t szolgáltató támogatási környezet; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672] R2 Bonjour Service;Bonjour ?—??; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376] R2 hpqddsvc;HP CUE DeviceDiscovery szolgáltatás; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336] R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336] R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336] R3 iPod Service;iPod ?—??; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576] S2 gupdate1c9de067a73b746;Google ????—? ?—?? (gupdate1c9de067a73b746); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-26 133104] S3 aspnet_state;ASP.NET-állapotszolgáltatás; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 fsssvc;Windows Live ????— ?—?????—??; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-27 183280] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe [2004-01-30 65625] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe [2004-01-30 65622] S4 NetTcpPortSharing;Net.Tcp portmegosztási szolgáltatás; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
pén. aug. 06, 2010 12:10

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul ok,az a oka hogy visszaallitotuk a rendszer ezert eltunt a virus irto is,,de a maradekat leszedjuk,tedd ide az RSIT logjat.
pén. aug. 06, 2010 11:58

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul Eltűnt Vírusirtó viszont még nincs fenn - tudom az okát - de mégis 1 GB kevesebb hely van mint este volt.
pén. aug. 06, 2010 11:57

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul nem kelesz ujra telepites a combofix is csinalt visszalitasi pontot,,ha nemsikerul a rendszer el akkor majd vissza hozzuk a combofixet.
pén. aug. 06, 2010 11:33

nacorvus a fórum lelke Csatlakozott: vas. szept. 12, 2004 18:08 Hozzászólások: 6037 Tartózkodási hely: Usa	Re: sokat fagy ill. újraindul Látom stell szerzet magának egy stabil kuncsaftkört! Idézet: 3körül jönnek a gépért Akkor még bőven van időd,keress egy visszaállítási pontot,feltéve ha maradt. Visszaállítod,vírustalanítasz és nem rakod fel a frissítéseket. Ha nem jön össze,akkor még a gép újratelepítése is belefér bőven az időbe.
pén. aug. 06, 2010 11:22

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul Na ugy nez ki hogy letoltoted a microsoft eredeti vizsgalatat a gepre,es eztet ez csinalja. Alitsd vissza a rendszert: menj le csokkentet modba; klik-start-klik-futtatas-masold be ezt a parancsot. %systemroot%\system32\restore\rstrui.exe allitsd vissza a rendszer a tegnapi datumra,,ha a pontot hamarab csinalta a rendszer akkor jo lesz ,ha kesobb mielot letoltoted az eredetitseg vizsgalatat akkor kitalalunk valami mast,,majd ird meg mi van.
pén. aug. 06, 2010 11:19

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul Szia! Nagy baj van (?) Tegnap este illetve éjjel még levettem a gépről azt a javító konzulat, hogy a fekete ablak ne jelenjen meg bekapcsoláskor. Plusz feltettem az Avast securityt - az én gépemen az van (tiszta!!) Ma reggel meg végigfuttattam a frissítéseket - látom már nem kellett - erre a háttér fekete lett (ikonok megmaradtak) és ott ül az ablak sarkán , hogy "Előfordulhat, hogy ön szoftverhamisítás áldozata lett........." Hiába adtam neki azt, hogy ne jelenjen meg. És kikapcsolás is lassan megy (windows) Mit tehetek, hogy helyrerakjam a hibát? 3körül jönnek a gépért
pén. aug. 06, 2010 11:11

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul ok. Nincsen mit. Szia.
pén. aug. 06, 2010 8:18

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul nagyon szépen köszönöm Kriszti nevében is ezt a hatalmas segítséget!!!!!!!! Ha gond lesz jelentkezek! Isten áldjon meg a nagylelkűségedért és segítségedért! Jóéjt! Andi
csüt. aug. 05, 2010 20:54

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul Nem ez minden,ma mar vegzek, Udv.
csüt. aug. 05, 2010 20:49

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul Akkor jó, már azt hittem ennyire fáradt vagyok szerintem jó a gép. esetleg te látsz még valamit? Most fut a töredezetmentesítő......a tűzfalas dolgot elhalasztom holnapra, mert arra oda kellene nagyon figyelni.
csüt. aug. 05, 2010 20:45

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul nem is lathattad,mivel csak kesobb irtam oda,,igy en kerek elnezest.
csüt. aug. 05, 2010 20:39

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul Ezt a mondatot nem láttam Elnézést.
csüt. aug. 05, 2010 20:37

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul irtam Idézet: Nem problemak a belepesel, hanem el lophatak a jelszavakat, mivel bootkit ferozes is volt a gepen,,,
csüt. aug. 05, 2010 20:35

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul oké megmondom neki..... de mivel működik a windowsos belépési jelszó azért azt is változtassa meg?
csüt. aug. 05, 2010 20:33

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul jelszok E-Mail,msn,ICQ,windows,,,tehat mindet Nem problemak a belepesel, hanem el lophatak a jelszavakat, mivel bootkit ferozes is volt a gepen,,, Itt a forumonkon a kolegam leirta a PCTOOLS bealitasat-ezt ha igy bealitodd,nemis kerdez sokkat-leforditotam neked a googleval-csak klikelj a linkre http://translate.google.com/translate?j ... hu&act=url
csüt. aug. 05, 2010 20:27

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul stell írta: Fel kel rakni Tuzfalat-ajanlom az PCTOOLS-tuzfalat-a Spyware doctor nelkull-de nem tudom nem lesz e a baratnodnek a tuzfalal problema. megkell valtozttatni minden jelszot-mivel bootkit fertozes is volt a geppen. talan-enyi az egesz. -Még nem raktam fel tűzfalat.. és hogy tűzfal problémája lesz-e nem tudom..... Nyelvész így a világ különböző pontjával tartja a kapcsolatot. -Ezt a jelszavas dolgot nem értem. Jelszóval védett a gépe, de belépéskor nem volt semmi probléma. Esetleges problémák lehetnek majd egy egy belépésnél valamelyik programnál vagy netes oldalon? - Van a gépemen egy olyan kiegészítő - Firefox - hogy a googlinál ha keresek valamit akkor kiírja illetve jelőli, hogy vesz élyeztetett az oldal. Nem tudod véletlenül melyik ez?
csüt. aug. 05, 2010 20:25

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul Igen A Norton-kituno-de az Fizetos-es erre agepre nem ajanlom-keves a RAM- Miert az AVIRA-kituno antivirus-itt az volt a baj hogy nincsen tuzfal,,ha nem kell akkor az ingyenes Avastot-ingabb-de ahogy irtam az Aviranak kituno a motorja0es a detekcioja is--az utolso idoben talan a legjobb.
csüt. aug. 05, 2010 20:14

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul Jaj majdnem elfelejtettem. Norton szeretné, hogy feltegyem a gépére, mint vírusírtót. Az nem fogja a gépet, erre a gépre mehet? Mi a véleményed? Avira már nem kell neki. (Nekem avastom van) _ Meg kell változtatni mindent mert jelszavak is vírusosak voltak?? Ezt hogy érted?
csüt. aug. 05, 2010 20:10

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul Meg csinald meg eztet. start-futtatas-ird be prefetch ok nyomd be az ctrl+A-aztan-shift+del-bele egyezel a torlesbe. Csinalj torezedes mentest Fel kel rakni Tuzfalat-ajanlom az PCTOOLS-tuzfalat-a Spyware doctor nelkull-de nem tudom nem lesz e a baratnodnek a tuzfalal problema. megkell valtozttatni minden jelszot-mivel bootkit fertozes is volt a geppen. talan-enyi az egesz.
csüt. aug. 05, 2010 19:58

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul Újraindításkor eltüntek a doc fájlok Felesleges fájlok/mappák gondolom már nincsenek. (?) Szerintem minden oké. Én nem érzékelek semmi rossz viselkedést.Remélem ez nem csak átmeneti érzés
csüt. aug. 05, 2010 19:51

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul ok,futtasd az OTM-progit-klik-Cleanup-yes,yes, pucold att CCleaneral es azokat a programokat amit mink raktunk az asztalra torold ki,,a Doc-torold ki őket es kesz. Aztan ird le hogy viselkedik a gep.
csüt. aug. 05, 2010 19:06

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul Újraindításkor lett egy thumps.db és 3db doc fájl az asztalon All processes killed ========== PROCESSES ========== Process explorer.exe killed successfully! ========== FILES ========== File/Folder C:\WINDOWS\system32\.tmp.dll not found. File/Folder C:\WINDOWS\system32\SET.tmp not found. C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10F.tmp folder moved successfully. C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP135.tmp folder moved successfully. C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21.tmp folder moved successfully. C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt155.tmp moved successfully. C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt18D.tmp moved successfully. C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt20.tmp moved successfully. C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Windows Live\Toolbar\Feeds\rss61.tmp moved successfully. C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Windows Live\Toolbar\Feeds\rss62.tmp moved successfully. C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Windows Live\Toolbar\Feeds\rss63.tmp moved successfully. C:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully. c:\documents and settings\NetworkService\Application Data\qcopjv.dat moved successfully. c:\windows\system32\config\systemprofile\Application Data\qcopjv.dat moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: admin ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 18023306 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 560 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32835 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2376 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 17.00 mb Restore points cleared and new OTM Restore Point set! OTM by OldTimer - Version 3.1.15.0 log created on 08052010_194029 Files moved on Reboot... Registry entries deleted on Reboot...
csüt. aug. 05, 2010 18:57

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul ok szed le a combofixet-start-futtatas-masold be combofix /uninstall ok Toldsd le ezt a programot az asztalra: http://oldtimer.geekstogo.com/OTM.exe Futtasd-a Balablakjaba masold be a zold textet-klik a piros gombra MOVEIT-a restrt utan a logot tedd ide: Kód: :processes explorer.exe :files C:\WINDOWS\system32\.tmp.dll /s C:\WINDOWS\system32\SET.tmp /s C:\WINDOWS\*.tmp /s c:\documents and settings\NetworkService\Application Data\qcopjv.dat c:\windows\system32\config\systemprofile\Application Data\qcopjv.dat :commands [emptytemp] [emptyflash] [ClearAllRestorePoints] [start explorer] [Reboot]
csüt. aug. 05, 2010 18:36

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul ComboFix 10-08-04.05 - admin 2010/08/05 18:55:23.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.81.1038.18.503.255 [GMT 2:00] Running from: c:\documents and settings\admin\Asztal\ComboFix.exe Command switches used :: c:\documents and settings\admin\Asztal\CFScript.txt AV: Avira AntiVir PersonalEdition On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\a7cr089i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\a7cr089i.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll . ((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 ))))))))))))))))))))))))))))))) . 2010-08-05 12:58 . 2010-08-05 12:58 -------- d-----w- c:\program files\CCleaner 2010-08-05 10:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-05 10:08 . 2010-08-05 10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-05 10:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-05 09:49 . 2010-08-05 09:49 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes 2010-08-05 09:49 . 2010-08-05 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-08-05 09:42 . 2010-08-05 09:43 -------- d-----w- C:\rsit 2010-08-05 09:42 . 2010-08-05 09:43 -------- d-----w- c:\program files\trend micro 2010-07-28 11:25 . 2010-07-28 11:35 -------- d-----w- c:\program files\Larousse 2010-07-06 17:41 . 2010-07-06 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-05 09:52 . 2007-08-01 20:30 99960 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-08-04 09:24 . 2007-08-09 12:35 -------- d-----w- c:\program files\Mahjong Quest 2 2010-08-03 19:13 . 2007-12-23 11:43 -------- d-----w- c:\documents and settings\admin\Application Data\uTorrent 2010-07-28 22:12 . 2009-05-26 13:33 -------- d-----w- c:\documents and settings\admin\Application Data\Skype 2010-07-28 18:48 . 2007-12-17 23:09 -------- d-----w- c:\documents and settings\admin\Application Data\skypePM 2010-07-28 11:34 . 2007-08-02 04:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-27 01:51 . 2010-05-30 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2010-07-22 10:23 . 2007-08-04 14:29 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-07-19 13:27 . 2010-05-30 05:52 158996 ----a-w- c:\windows\hpoins15.dat 2010-07-19 11:01 . 2009-03-06 18:20 -------- d-----w- c:\documents and settings\admin\Application Data\Spider Player 2010-07-13 03:35 . 2010-06-09 21:07 16 ----a-w- c:\documents and settings\NetworkService\Application Data\qcopjv.dat 2010-07-10 14:49 . 2010-06-11 06:42 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\qcopjv.dat 2010-07-06 17:42 . 2010-07-06 17:42 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-06-24 03:37 . 2010-06-25 00:47 1356155 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aescript.dll 2010-06-24 03:16 . 2010-06-25 00:46 430453 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aepack.dll 2010-06-24 03:03 . 2010-06-25 00:46 2724214 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aeheur.dll 2010-06-24 02:02 . 2010-06-25 00:46 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aehelp.dll 2010-06-24 01:54 . 2010-06-25 00:46 377204 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aegen.dll 2010-06-16 23:47 . 2010-05-02 09:03 -------- d-----w- c:\program files\iTunes 2010-06-16 23:39 . 2010-05-02 09:03 -------- d-----w- c:\program files\iPod 2010-06-10 14:33 . 2010-01-29 08:43 -------- d-----w- c:\program files\Freeze.com 2010-06-04 11:17 . 2010-06-18 23:31 2724214 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aeheur.dll 2010-06-04 11:17 . 2010-06-15 22:55 2724214 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aeheur.dll 2010-06-04 11:17 . 2010-06-12 22:35 2724214 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aeheur.dll 2010-06-02 09:15 . 2010-06-18 23:33 1352058 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aescript.dll 2010-06-02 09:15 . 2010-06-15 22:55 1352058 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aescript.dll 2010-06-02 09:15 . 2010-06-12 22:37 1352058 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aescript.dll 2010-06-02 09:15 . 2010-06-18 23:31 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aehelp.dll 2010-06-02 09:15 . 2010-06-15 22:54 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aehelp.dll 2010-06-02 09:15 . 2010-06-12 22:35 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aehelp.dll 2010-06-02 09:15 . 2010-06-18 23:31 377205 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aegen.dll 2010-06-02 09:15 . 2010-06-15 22:54 377205 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aegen.dll 2010-06-02 09:15 . 2010-06-12 22:35 377205 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aegen.dll 2010-05-13 18:21 . 2010-06-25 00:47 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aescn.dll 2010-05-13 18:21 . 2010-06-18 23:33 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aescn.dll 2010-05-13 18:21 . 2010-06-15 22:55 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aescn.dll 2010-05-13 18:21 . 2010-06-12 22:37 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aescn.dll 2010-05-13 18:21 . 2010-06-25 00:46 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aeoffice.dll 2010-05-13 18:21 . 2010-06-18 23:32 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aeoffice.dll 2010-05-13 18:21 . 2010-06-15 22:55 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aeoffice.dll 2010-05-13 18:21 . 2010-06-12 22:36 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aeoffice.dll 2010-05-13 18:21 . 2010-06-25 00:46 192886 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aecore.dll 2010-05-13 18:21 . 2010-06-18 23:31 192886 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aecore.dll 2010-05-13 18:21 . 2010-06-15 22:54 192886 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aecore.dll 2010-05-13 18:21 . 2010-06-12 22:34 192886 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aecore.dll 2008-12-11 16:56 . 2008-11-17 11:26 35244 ----a-w- c:\program files\surfer.set 2008-12-10 18:44 . 2008-11-17 11:26 7089 ----a-w- c:\program files\surfer.ini . ------- Sigcheck ------- [-] 2008-04-14 . B3F79A7FEA348313717DCB795C3DD205 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7785006bf44efb569bd0793e34e31b9a\sfcfiles.dll [-] 2007-06-08 . 788D7B0B0DC349333820187628EE590E . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176] "WeatherBugAlert"="c:\program files\AWS\WeatherBug Alert\WeatherBugAlert.exe" [2009-07-08 442368] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 159744] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360] c:\documents and settings\admin\Start Menu\Programs\Indˇt˘pult\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Akademiai Kiado\\Akademiai Elektronikus Konyvtar\\bin\\NPLocal.exe"= "c:\\Program Files\\utorrent\\utorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\admin\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\admin\LOCALS~1\Temp\gUSBSTOi.sys [?] S3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [2008/02/12 20:24 505984] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 13:32] 2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 13:32] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = .local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\a7cr089i.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-05 19:02 Windows 5.1.2600 Szervizcsomag 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(844) c:\windows\system32\imjp81.ime c:\windows\system32\imjp81k.dll c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC - - - - - - - > 'explorer.exe'(2772) c:\windows\system32\WININET.dll c:\windows\system32\imjp81.ime c:\windows\system32\imjp81k.dll c:\windows\system32\themeui.dll c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\FinePixViewerS\QuickDCF2.exe c:\program files\HP\Digital Imaging\bin\hpqtra08.exe c:\program files\iPod\bin\iPodService.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe . ************************************************************************ . Completion time: 2010-08-05 19:13:24 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-05 17:13 ComboFix2.txt 2010-08-05 14:47 ComboFix3.txt 2010-08-05 13:43 Pre-Run: 5,288,259,584 bájt szabad Post-Run: 5,278,003,200 bájt szabad - - End Of File - - 1246E6877DEBC328666CCE6C47386F5A
csüt. aug. 05, 2010 18:25

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul ahogy gondolod,ha artogatnak beteheted,mi majd rendet csinalunk amit ,mi raktunk fel. Tolcsed le a Temp cleanert es futtasd le: http://www.virus-stell.com/2010/05/temp ... itasa.html ok,A MBR-mar most rendben van, Kinyitunk - Notepadot (Jegyzetfüzetet)igy: Start>futtatás>beírod: notepad és bemásolod- a Kód: címszó alatt található zöld textet(Kód: szó nélkül), aztán a notepadba beillesztett textet elmentjük scriptnek az asztalra , úgy:- Fájl>Mentés Másként>Fájlnév>CFScript.txt>Fájl típusa>Minden fájl>Mentés.(Ásztálra),.Kész, az astalon lévő CFScript txt húzzunk rá a ComboFix ikonnyara. Es mostan megcsinalod eztett: A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad tedd ide. Kód: KILLALL:: Extra:: FireFox:: FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\a7cr089i.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\a7cr089i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\a7cr089i.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
csüt. aug. 05, 2010 17:40

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul Annyi minden van az asztalon, hogy nem tudok kiigazodni melyik az amivel dolgozok. Asszem az összes cuccost beteszem egy mappába amit a hugi tett oda és ha végeztünk visszateszem. A munkánkat ezt nem fogja zavarni, ugye?
csüt. aug. 05, 2010 17:36

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul Elmentek a testvéremék, de a gépet itt hagyták, majd holnap is eljönnek. .\debug.cpp(238) : Debug log started at 05.08.2010 - 16:20:25 .\boot_cleaner.cpp(675) : Bootkit Remover .\boot_cleaner.cpp(676) : (c) 2009 eSage Lab .\boot_cleaner.cpp(677) : www.esagelab.com .\boot_cleaner.cpp(681) : Program version: 1.1.0.0 .\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Szervizcsomag 2 (build 2600) .\debug.cpp(248) : ******************************************** .\debug.cpp(249) : * [ LOADED MODULES INFORMATION ] ********* .\debug.cpp(250) : ****************************************** .\debug.cpp(256) : 0x804d7000 0x001f8000 "\WINDOWS\system32\ntkrnlpa.exe" .\debug.cpp(256) : 0x806cf000 0x00020280 "\WINDOWS\system32\hal.dll" .\debug.cpp(256) : 0xf8972000 0x00002000 "\WINDOWS\system32\KDCOM.DLL" .\debug.cpp(256) : 0xf8882000 0x00003000 "\WINDOWS\system32\BOOTVID.dll" .\debug.cpp(256) : 0xf8343000 0x0002e000 "ACPI.sys" .\debug.cpp(256) : 0xf8974000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS" .\debug.cpp(256) : 0xf8332000 0x00011000 "pci.sys" .\debug.cpp(256) : 0xf8472000 0x00009000 "isapnp.sys" .\debug.cpp(256) : 0xf8886000 0x00003000 "compbatt.sys" .\debug.cpp(256) : 0xf888a000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS" .\debug.cpp(256) : 0xf8a3a000 0x00001000 "pciide.sys" .\debug.cpp(256) : 0xf86f2000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS" .\debug.cpp(256) : 0xf8976000 0x00002000 "intelide.sys" .\debug.cpp(256) : 0xf8314000 0x0001e000 "pcmcia.sys" .\debug.cpp(256) : 0xf8482000 0x0000b000 "MountMgr.sys" .\debug.cpp(256) : 0xf82f5000 0x0001f000 "ftdisk.sys" .\debug.cpp(256) : 0xf8978000 0x00002000 "dmload.sys" .\debug.cpp(256) : 0xf82cf000 0x00026000 "dmio.sys" .\debug.cpp(256) : 0xf888e000 0x00003000 "ACPIEC.sys" .\debug.cpp(256) : 0xf8a3b000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS" .\debug.cpp(256) : 0xf86fa000 0x00005000 "PartMgr.sys" .\debug.cpp(256) : 0xf8492000 0x0000d000 "VolSnap.sys" .\debug.cpp(256) : 0xf82b7000 0x00018000 "atapi.sys" .\debug.cpp(256) : 0xf81e1000 0x000d6000 "iaStor.sys" .\debug.cpp(256) : 0xf84a2000 0x00009000 "disk.sys" .\debug.cpp(256) : 0xf84b2000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS" .\debug.cpp(256) : 0xf81c1000 0x00020000 "fltMgr.sys" .\debug.cpp(256) : 0xf81af000 0x00012000 "sr.sys" .\debug.cpp(256) : 0xf84c2000 0x0000a000 "PxHelp20.sys" .\debug.cpp(256) : 0xf8198000 0x00017000 "KSecDD.sys" .\debug.cpp(256) : 0xf8185000 0x00013000 "WudfPf.sys" .\debug.cpp(256) : 0xf80f8000 0x0008d000 "Ntfs.sys" .\debug.cpp(256) : 0xf80cb000 0x0002d000 "NDIS.sys" .\debug.cpp(256) : 0xf80b0000 0x0001b000 "Mup.sys" .\debug.cpp(256) : 0xf8572000 0x0000a000 "\SystemRoot\system32\DRIVERS\intelppm.sys" .\debug.cpp(256) : 0xf7111000 0x0011e000 "\SystemRoot\system32\DRIVERS\ialmnt5.sys" .\debug.cpp(256) : 0xf70fd000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS" .\debug.cpp(256) : 0xf70d8000 0x00025000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys" .\debug.cpp(256) : 0xf7044000 0x00094000 "\SystemRoot\system32\DRIVERS\bcmwl5.sys" .\debug.cpp(256) : 0xf87b2000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys" .\debug.cpp(256) : 0xf7021000 0x00023000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS" .\debug.cpp(256) : 0xf87ba000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys" .\debug.cpp(256) : 0xf6ffa000 0x00027000 "\SystemRoot\system32\DRIVERS\e100b325.sys" .\debug.cpp(256) : 0xf8582000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys" .\debug.cpp(256) : 0xf87c2000 0x00005000 "\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys" .\debug.cpp(256) : 0xf8592000 0x0000d000 "\SystemRoot\system32\DRIVERS\WDFLDR.SYS" .\debug.cpp(256) : 0xf6f7f000 0x0007b000 "\SystemRoot\system32\DRIVERS\Wdf01000.sys" .\debug.cpp(256) : 0xf87ca000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys" .\debug.cpp(256) : 0xf87d2000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys" .\debug.cpp(256) : 0xf85a2000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys" .\debug.cpp(256) : 0xf85b2000 0x0000d000 "\SystemRoot\system32\DRIVERS\cdrom.sys" .\debug.cpp(256) : 0xf85c2000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys" .\debug.cpp(256) : 0xf6f5c000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys" .\debug.cpp(256) : 0xf87da000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys" .\debug.cpp(256) : 0xf891a000 0x00003000 "\SystemRoot\system32\DRIVERS\cpqbttn.sys" .\debug.cpp(256) : 0xf85d2000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS" .\debug.cpp(256) : 0xf87e2000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS" .\debug.cpp(256) : 0xf7675000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys" .\debug.cpp(256) : 0xf7671000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys" .\debug.cpp(256) : 0xf8ace000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys" .\debug.cpp(256) : 0xf85e2000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys" .\debug.cpp(256) : 0xf7655000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys" .\debug.cpp(256) : 0xf5d12000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys" .\debug.cpp(256) : 0xf726f000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys" .\debug.cpp(256) : 0xf725f000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys" .\debug.cpp(256) : 0xf882a000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS" .\debug.cpp(256) : 0xf5cd9000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys" .\debug.cpp(256) : 0xf724f000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys" .\debug.cpp(256) : 0xf8832000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys" .\debug.cpp(256) : 0xf883a000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys" .\debug.cpp(256) : 0xf5ca8000 0x00031000 "\SystemRoot\system32\DRIVERS\rdpdr.sys" .\debug.cpp(256) : 0xf723f000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys" .\debug.cpp(256) : 0xf8842000 0x00006000 "\SystemRoot\system32\DRIVERS\seehcri.sys" .\debug.cpp(256) : 0xf89ba000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys" .\debug.cpp(256) : 0xf5baf000 0x00059000 "\SystemRoot\system32\DRIVERS\update.sys" .\debug.cpp(256) : 0xf892e000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys" .\debug.cpp(256) : 0xf893e000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys" .\debug.cpp(256) : 0xf722f000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS" .\debug.cpp(256) : 0xa4e2b000 0x000a3000 "\SystemRoot\system32\drivers\CHDAud.sys" .\debug.cpp(256) : 0xa4e07000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys" .\debug.cpp(256) : 0xa8983000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys" .\debug.cpp(256) : 0xa4dd3000 0x00034000 "\SystemRoot\system32\DRIVERS\HSFHWAZL.sys" .\debug.cpp(256) : 0xa4ce1000 0x000f2000 "\SystemRoot\system32\DRIVERS\HSF_DPV.sys" .\debug.cpp(256) : 0xa4c2e000 0x000b3000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys" .\debug.cpp(256) : 0xa9045000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS" .\debug.cpp(256) : 0xa8933000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys" .\debug.cpp(256) : 0xf8a26000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS" .\debug.cpp(256) : 0xf8a28000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS" .\debug.cpp(256) : 0xf8a7b000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS" .\debug.cpp(256) : 0xf8a2a000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS" .\debug.cpp(256) : 0xa9015000 0x00006000 "\SystemRoot\System32\drivers\vga.sys" .\debug.cpp(256) : 0xf8a2c000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS" .\debug.cpp(256) : 0xf8a2e000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys" .\debug.cpp(256) : 0xa900d000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS" .\debug.cpp(256) : 0xa9005000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS" .\debug.cpp(256) : 0xf5b9f000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys" .\debug.cpp(256) : 0xa4b66000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys" .\debug.cpp(256) : 0xa4b0e000 0x00058000 "\SystemRoot\system32\DRIVERS\tcpip.sys" .\debug.cpp(256) : 0xa4ae6000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys" .\debug.cpp(256) : 0xa4ac4000 0x00022000 "\SystemRoot\System32\drivers\afd.sys" .\debug.cpp(256) : 0xa8923000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys" .\debug.cpp(256) : 0xa4a99000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys" .\debug.cpp(256) : 0xa4a02000 0x0006f000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys" .\debug.cpp(256) : 0xa8913000 0x00009000 "\SystemRoot\System32\Drivers\Fips.SYS" .\debug.cpp(256) : 0xa49e1000 0x00021000 "\SystemRoot\system32\DRIVERS\ipnat.sys" .\debug.cpp(256) : 0xa56d1000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys" .\debug.cpp(256) : 0xa49d0000 0x00011000 "\SystemRoot\system32\DRIVERS\avipbb.sys" .\debug.cpp(256) : 0xaa2c7000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys" .\debug.cpp(256) : 0xaa2c3000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys" .\debug.cpp(256) : 0xf89b2000 0x00002000 "\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys" .\debug.cpp(256) : 0x9e596000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS" .\debug.cpp(256) : 0x9dc15000 0x000d6000 "\SystemRoot\System32\Drivers\dump_iaStor.sys" .\debug.cpp(256) : 0xbf800000 0x001c3000 "\SystemRoot\System32\win32k.sys" .\debug.cpp(256) : 0x9e689000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys" .\debug.cpp(256) : 0xf884a000 0x00005000 "\SystemRoot\System32\watchdog.sys" .\debug.cpp(256) : 0xbf9c3000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys" .\debug.cpp(256) : 0xa1bbf000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys" .\debug.cpp(256) : 0xbf9e4000 0x00022000 "\SystemRoot\System32\ialmdnt5.dll" .\debug.cpp(256) : 0xbf9d5000 0x0000f000 "\SystemRoot\System32\ialmrnt5.dll" .\debug.cpp(256) : 0xbfa06000 0x0003b000 "\SystemRoot\System32\ialmdev5.DLL" .\debug.cpp(256) : 0xbfa41000 0x000f0000 "\SystemRoot\System32\ialmdd5.DLL" .\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL" .\debug.cpp(256) : 0xf728f000 0x0000c000 "\SystemRoot\system32\DRIVERS\fssfltr_tdi.sys" .\debug.cpp(256) : 0xf5cfe000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys" .\debug.cpp(256) : 0x9dbe8000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys" .\debug.cpp(256) : 0x9db5c000 0x00014000 "\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys" .\debug.cpp(256) : 0x9dae2000 0x00052000 "\SystemRoot\system32\DRIVERS\srv.sys" .\debug.cpp(256) : 0x9dba8000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys" .\debug.cpp(256) : 0x9d7fd000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys" .\debug.cpp(256) : 0x9e526000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys" .\debug.cpp(256) : 0x9d56c000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys" .\debug.cpp(256) : 0x9c750000 0x00023000 "\SystemRoot\System32\Drivers\Fastfat.SYS" .\debug.cpp(256) : 0x7c900000 0x000b4000 "\WINDOWS\system32\ntdll.dll" .\debug.cpp(263) : ****************************************** .\debug.cpp(307) : * [ DEVICE OBJECTS INFORMATION ] ********* .\debug.cpp(308) : ****************************************** .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS" .\debug.cpp(400) : Destination="\Device\Ndis" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice" .\debug.cpp(400) : Destination="\Device\WUDFLpcDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1" .\debug.cpp(400) : Destination="\Device\Video0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSlimtype_DVD_A__DS8A1P__________________CH63____#5&255001cb&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2" .\debug.cpp(400) : Destination="\Device\Video1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000034" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon" .\debug.cpp(400) : Destination="\Device\DmControl\DmIoDaemon" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip" .\debug.cpp(400) : Destination="\Device\Ip" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3" .\debug.cpp(400) : Destination="\Device\Video2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BA5F3301-B2DB-4F48-B740-8F8DC7E47B8E}" .\debug.cpp(400) : Destination="\Device\{BA5F3301-B2DB-4F48-B740-8F8DC7E47B8E}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev" .\debug.cpp(400) : Destination="\Device\IPSEC" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio" .\debug.cpp(400) : Destination="\Device\avgio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4" .\debug.cpp(400) : Destination="\Device\Video3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0002#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}" .\debug.cpp(400) : Destination="\Device\0000008b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000033" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\0000004a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY" .\debug.cpp(400) : Destination="\Device\NDProxy" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement" .\debug.cpp(400) : Destination="\Device\ProcessManagement" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5" .\debug.cpp(400) : Destination="\Device\Video4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr" .\debug.cpp(400) : Destination="\Device\RdpDrDvMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_4311&SUBSYS_1364103C&REV_01#4&4878531&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0014" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}" .\debug.cpp(400) : Destination="\Device\00000047" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery" .\debug.cpp(400) : Destination="\Device\CompositeBattery" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ0_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000050" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice" .\debug.cpp(400) : Destination="\Device\WMIDataDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A6&SUBSYS_30D5103C&REV_03#3&b1bfb68&0&11#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt" .\debug.cpp(400) : Destination="\FileSystem\Filters\avgntflt" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_192f&Pid_0416#6&2922fd45&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000093" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0001#{ca89b949-d7bf-48dd-bb06-f40ebc29c5f6}" .\debug.cpp(400) : Destination="\Device\0000008a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}" .\debug.cpp(400) : Destination="\Device\0000008a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A6A7A21D-7208-46AD-B80C-081C410E7B1A}" .\debug.cpp(400) : Destination="\Device\{A6A7A21D-7208-46AD-B80C-081C410E7B1A}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE" .\debug.cpp(400) : Destination="\Device\NamedPipe" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3" .\debug.cpp(400) : Destination="\Device\Winachsf0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000008a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched" .\debug.cpp(400) : Destination="\Device\PSched" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&28738126&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000006e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC" .\debug.cpp(400) : Destination="\Device\Mup" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT" .\debug.cpp(400) : Destination="\Device\IPNAT" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A2&SUBSYS_30D5103C&REV_03#3&b1bfb68&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0001" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice" .\debug.cpp(400) : Destination="\Device\GEARAspiWDMDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ1_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000051" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6ec8356f-a0a8-11df-bc96-806d6172696f}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0" .\debug.cpp(400) : Destination="\Device\USBFDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp" .\debug.cpp(400) : Destination="\Device\Tcp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1F0B9BAE-6CD5-4144-85F9-1FF7E6059CC5}" .\debug.cpp(400) : Destination="\Device\{1F0B9BAE-6CD5-4144-85F9-1FF7E6059CC5}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0002#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}" .\debug.cpp(400) : Destination="\Device\0000008b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1" .\debug.cpp(400) : Destination="\Device\USBFDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD" .\debug.cpp(400) : Destination="\Device\VideoPdo0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000039" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0" .\debug.cpp(400) : Destination="\Device\Harddisk0\DR0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer" .\debug.cpp(400) : Destination="\Device\ConexantDiagnosticsServer" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN" .\debug.cpp(400) : Destination="\DosDevices\LPT1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000037" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\INTELPRO_{BB5DB274-551B-4A2B-AE16-817521AE6906}" .\debug.cpp(400) : Destination="\Device\INTELPRO_{BB5DB274-551B-4A2B-AE16-817521AE6906}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSlimtype_DVD_A__DS8A1P__________________CH63____#5&255001cb&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio" .\debug.cpp(400) : Destination="\Device\sysaudio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap" .\debug.cpp(400) : Destination="\Device\FsWrap" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000038" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4BAA0DC6-71D2-42B8-BD4B-141AF4506308}" .\debug.cpp(400) : Destination="\Device\{4BAA0DC6-71D2-42B8-BD4B-141AF4506308}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000036" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ2_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000052" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000008a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fssfltr" .\debug.cpp(400) : Destination="\Device\fssfltr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global" .\debug.cpp(400) : Destination="\GLOBAL??" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_192f&Pid_0416#5&25243b3b&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination="\Device\USBPDO-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000056" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e233dbc2-406b-11dc-b796-806d6172696f}" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia0" .\debug.cpp(400) : Destination="\Device\Pcmcia0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6492E5DE-276E-4FB0-BF0A-C4E7AD962D27}" .\debug.cpp(400) : Destination="\Device\{6492E5DE-276E-4FB0-BF0A-C4E7AD962D27}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_192f&Pid_0416#6&2922fd45&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\00000093" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0" .\debug.cpp(400) : Destination="\Device\HSF_MDMDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&563a312&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\00000088" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureF9B7F9B7Offset4E2011E00LengthDBF4AE200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_30D5103C&REV_01#3&b1bfb68&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureF9B7F9B7Offset7E00Length4E2002200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1068&SUBSYS_30D5103C&REV_01#4&2ec23395&0&40F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0013" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ3_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000053" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager" .\debug.cpp(400) : Destination="\Device\MountPointManager" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6ec8356e-a0a8-11df-bc96-806d6172696f}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000008a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO Soft Data Fax Modem with SmartCP" .\debug.cpp(400) : Destination="\Device\0000008b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000032" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig" .\debug.cpp(400) : Destination="\Device\DmControl\DmConfig" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000049" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp" .\debug.cpp(400) : Destination="\Device\WANARP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace" .\debug.cpp(400) : Destination="\Device\DmControl\DmTrace" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ4_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000054" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP" .\debug.cpp(400) : Destination="\Device\NdisWanIp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000003" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSlimtype_DVD_A__DS8A1P__________________CH63____#5&255001cb&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BB5DB274-551B-4A2B-AE16-817521AE6906}" .\debug.cpp(400) : Destination="\Device\{BB5DB274-551B-4A2B-AE16-817521AE6906}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7E4A0F4D-C647-46A4-8F1D-2E56C1460D60}" .\debug.cpp(400) : Destination="\Device\{7E4A0F4D-C647-46A4-8F1D-2E56C1460D60}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN0132#4&28738126&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_30D5103C&REV_01#3&b1bfb68&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{539C3868-2201-4E4B-8591-5F05B9B15C51}" .\debug.cpp(400) : Destination="\Device\{539C3868-2201-4E4B-8591-5F05B9B15C51}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000035" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1" .\debug.cpp(400) : Destination="\Device\ParTechInc0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI" .\debug.cpp(400) : Destination="\Device\NdisTapi" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan" .\debug.cpp(400) : Destination="\Device\NdisWan" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:" .\debug.cpp(400) : Destination="\Device\Ide\iaStor0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST" .\debug.cpp(400) : Destination="\Device\IPMULTICAST" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#seehcri#0000#{6374bba5-aaff-4809-aa9c-3eab8a52b861}" .\debug.cpp(400) : Destination="\Device\0000003d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0001#{54c9343c-2a17-42e8-b4fd-9f9da27b94d6}" .\debug.cpp(400) : Destination="\Device\0000008a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0" .\debug.cpp(400) : Destination="\Device\MICH_AZ0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2" .\debug.cpp(400) : Destination="\Device\ParTechInc1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader" .\debug.cpp(400) : Destination="\Device\DmLoader" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow" .\debug.cpp(400) : Destination="\Device\LanmanRedirector" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination="\Device\0000008a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3" .\debug.cpp(400) : Destination="\Device\ParTechInc2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl" .\debug.cpp(400) : Destination="\Device\FtControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A87C2E0F-9A46-46b8-8EC4-E33355FBE1F7}#KeyboardFilter#5&70b590b&0&01#{3569dbe5-fa4f-4e7e-96ec-540202073739}" .\debug.cpp(400) : Destination="\Device\00000086" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HTS541680J9SA00_________________SB2OC7BP#4&d041eba&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IAAStorageDevice-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT" .\debug.cpp(400) : Destination="\Device\MailSlot" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX" .\debug.cpp(400) : Destination="\DosDevices\COM1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col01#3&563a312&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\00000087" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT" .\debug.cpp(400) : Destination="" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio" .\debug.cpp(400) : Destination="\Device\Ndisuio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL" .\debug.cpp(400) : Destination="\Device\Null" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{719B40DC-64CC-467C-9ED0-4F062423BAE3}" .\debug.cpp(400) : Destination="\Device\{719B40DC-64CC-467C-9ED0-4F062423BAE3}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&563a312&0&0001#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000088" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&86cfe3b&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb" .\debug.cpp(400) : Destination="\Device\avipbb" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&13dc330&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo" .\debug.cpp(400) : Destination="\Device\DmControl\DmInfo" .\debug.cpp(451) : ******************************************** .\boot_cleaner.cpp(1077) : System volume is \\.\C: .\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 .\boot_cleaner.cpp(424) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd .\boot_cleaner.cpp(1151) : .\boot_cleaner.cpp(1152) : Size Device Name MBR Status .\boot_cleaner.cpp(1153) : -------------------------------------------- .\boot_cleaner.cpp(1197) : 74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found) .\boot_cleaner.cpp(1203) : .\boot_cleaner.cpp(1242) : Done;
csüt. aug. 05, 2010 17:31

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul oké csinálom
csüt. aug. 05, 2010 16:46

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul a bootkiremover.exe az asztalon van-kicsomagolva az azstalra-csomagold ki-az asztalra.
csüt. aug. 05, 2010 16:43

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul nem találja C:\Documents and Settings\admin\Asztal\bootkit_remover Remover.exe a bootkit_remover mappában van, nem lehet, hogy ez a baj? A hozzászólást 1 alkalommal szerkesztették, utoljára kataiandi csüt. aug. 05, 2010 16:44-kor.
csüt. aug. 05, 2010 16:38

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul klik-start-klik-futtatas-masold be ezt a parancsot az ablakba: "%userprofile%\asztal\remover.exe" fix \\.\PhysicalDrive0 [enter] restart Ujbol futtasd az Bootkit removert es a logjat tedd ide.
csüt. aug. 05, 2010 16:32

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul .\debug.cpp(238) : Debug log started at 05.08.2010 - 15:22:38 .\boot_cleaner.cpp(675) : Bootkit Remover .\boot_cleaner.cpp(676) : (c) 2009 eSage Lab .\boot_cleaner.cpp(677) : www.esagelab.com .\boot_cleaner.cpp(681) : Program version: 1.1.0.0 .\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Szervizcsomag 2 (build 2600) .\debug.cpp(248) : ******************************************** .\debug.cpp(249) : * [ LOADED MODULES INFORMATION ] ********* .\debug.cpp(250) : ****************************************** .\debug.cpp(256) : 0x804d7000 0x001f8000 "\WINDOWS\system32\ntkrnlpa.exe" .\debug.cpp(256) : 0x806cf000 0x00020280 "\WINDOWS\system32\hal.dll" .\debug.cpp(256) : 0xf8972000 0x00002000 "\WINDOWS\system32\KDCOM.DLL" .\debug.cpp(256) : 0xf8882000 0x00003000 "\WINDOWS\system32\BOOTVID.dll" .\debug.cpp(256) : 0xf8343000 0x0002e000 "ACPI.sys" .\debug.cpp(256) : 0xf8974000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS" .\debug.cpp(256) : 0xf8332000 0x00011000 "pci.sys" .\debug.cpp(256) : 0xf8472000 0x00009000 "isapnp.sys" .\debug.cpp(256) : 0xf8886000 0x00003000 "compbatt.sys" .\debug.cpp(256) : 0xf888a000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS" .\debug.cpp(256) : 0xf8a3a000 0x00001000 "pciide.sys" .\debug.cpp(256) : 0xf86f2000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS" .\debug.cpp(256) : 0xf8976000 0x00002000 "intelide.sys" .\debug.cpp(256) : 0xf8314000 0x0001e000 "pcmcia.sys" .\debug.cpp(256) : 0xf8482000 0x0000b000 "MountMgr.sys" .\debug.cpp(256) : 0xf82f5000 0x0001f000 "ftdisk.sys" .\debug.cpp(256) : 0xf8978000 0x00002000 "dmload.sys" .\debug.cpp(256) : 0xf82cf000 0x00026000 "dmio.sys" .\debug.cpp(256) : 0xf888e000 0x00003000 "ACPIEC.sys" .\debug.cpp(256) : 0xf8a3b000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS" .\debug.cpp(256) : 0xf86fa000 0x00005000 "PartMgr.sys" .\debug.cpp(256) : 0xf8492000 0x0000d000 "VolSnap.sys" .\debug.cpp(256) : 0xf82b7000 0x00018000 "atapi.sys" .\debug.cpp(256) : 0xf81e1000 0x000d6000 "iaStor.sys" .\debug.cpp(256) : 0xf84a2000 0x00009000 "disk.sys" .\debug.cpp(256) : 0xf84b2000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS" .\debug.cpp(256) : 0xf81c1000 0x00020000 "fltMgr.sys" .\debug.cpp(256) : 0xf81af000 0x00012000 "sr.sys" .\debug.cpp(256) : 0xf84c2000 0x0000a000 "PxHelp20.sys" .\debug.cpp(256) : 0xf8198000 0x00017000 "KSecDD.sys" .\debug.cpp(256) : 0xf8185000 0x00013000 "WudfPf.sys" .\debug.cpp(256) : 0xf80f8000 0x0008d000 "Ntfs.sys" .\debug.cpp(256) : 0xf80cb000 0x0002d000 "NDIS.sys" .\debug.cpp(256) : 0xf80b0000 0x0001b000 "Mup.sys" .\debug.cpp(256) : 0xf85d2000 0x0000a000 "\SystemRoot\system32\DRIVERS\intelppm.sys" .\debug.cpp(256) : 0xf70b4000 0x0011e000 "\SystemRoot\system32\DRIVERS\ialmnt5.sys" .\debug.cpp(256) : 0xf70a0000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS" .\debug.cpp(256) : 0xf707b000 0x00025000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys" .\debug.cpp(256) : 0xf6fe7000 0x00094000 "\SystemRoot\system32\DRIVERS\bcmwl5.sys" .\debug.cpp(256) : 0xf87da000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys" .\debug.cpp(256) : 0xf6fc4000 0x00023000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS" .\debug.cpp(256) : 0xf87e2000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys" .\debug.cpp(256) : 0xf6f9d000 0x00027000 "\SystemRoot\system32\DRIVERS\e100b325.sys" .\debug.cpp(256) : 0xf85e2000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys" .\debug.cpp(256) : 0xf87ea000 0x00005000 "\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys" .\debug.cpp(256) : 0xf85f2000 0x0000d000 "\SystemRoot\system32\DRIVERS\WDFLDR.SYS" .\debug.cpp(256) : 0xf6f22000 0x0007b000 "\SystemRoot\system32\DRIVERS\Wdf01000.sys" .\debug.cpp(256) : 0xf87f2000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys" .\debug.cpp(256) : 0xf87fa000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys" .\debug.cpp(256) : 0xf8602000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys" .\debug.cpp(256) : 0xf8612000 0x0000d000 "\SystemRoot\system32\DRIVERS\cdrom.sys" .\debug.cpp(256) : 0xf8622000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys" .\debug.cpp(256) : 0xf6eff000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys" .\debug.cpp(256) : 0xf8802000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys" .\debug.cpp(256) : 0xf7618000 0x00003000 "\SystemRoot\system32\DRIVERS\cpqbttn.sys" .\debug.cpp(256) : 0xf8632000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS" .\debug.cpp(256) : 0xf880a000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS" .\debug.cpp(256) : 0xf7614000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys" .\debug.cpp(256) : 0xf7610000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys" .\debug.cpp(256) : 0xf8b46000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys" .\debug.cpp(256) : 0xf8642000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys" .\debug.cpp(256) : 0xf891a000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys" .\debug.cpp(256) : 0xf5c0d000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys" .\debug.cpp(256) : 0xf7212000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys" .\debug.cpp(256) : 0xf7202000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys" .\debug.cpp(256) : 0xf8852000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS" .\debug.cpp(256) : 0xf5bfc000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys" .\debug.cpp(256) : 0xf71f2000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys" .\debug.cpp(256) : 0xf885a000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys" .\debug.cpp(256) : 0xf8862000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys" .\debug.cpp(256) : 0xf5bcb000 0x00031000 "\SystemRoot\system32\DRIVERS\rdpdr.sys" .\debug.cpp(256) : 0xf71e2000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys" .\debug.cpp(256) : 0xf886a000 0x00006000 "\SystemRoot\system32\DRIVERS\seehcri.sys" .\debug.cpp(256) : 0xf89c2000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys" .\debug.cpp(256) : 0xf5ad2000 0x00059000 "\SystemRoot\system32\DRIVERS\update.sys" .\debug.cpp(256) : 0xf8932000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys" .\debug.cpp(256) : 0xf893e000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys" .\debug.cpp(256) : 0xf71d2000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS" .\debug.cpp(256) : 0xa14d5000 0x000a3000 "\SystemRoot\system32\drivers\CHDAud.sys" .\debug.cpp(256) : 0xa14b1000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys" .\debug.cpp(256) : 0xa2e6c000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys" .\debug.cpp(256) : 0xa147d000 0x00034000 "\SystemRoot\system32\DRIVERS\HSFHWAZL.sys" .\debug.cpp(256) : 0xa138b000 0x000f2000 "\SystemRoot\system32\DRIVERS\HSF_DPV.sys" .\debug.cpp(256) : 0xa12d8000 0x000b3000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys" .\debug.cpp(256) : 0xa3b24000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS" .\debug.cpp(256) : 0xa2a89000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys" .\debug.cpp(256) : 0xf89bc000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS" .\debug.cpp(256) : 0x9e0db000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys" .\debug.cpp(256) : 0xf8a2a000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS" .\debug.cpp(256) : 0x9d83d000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS" .\debug.cpp(256) : 0xf8a2c000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS" .\debug.cpp(256) : 0x9d696000 0x00006000 "\SystemRoot\System32\drivers\vga.sys" .\debug.cpp(256) : 0xf8a2e000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS" .\debug.cpp(256) : 0xf8a30000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys" .\debug.cpp(256) : 0x9d68e000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS" .\debug.cpp(256) : 0x9d686000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS" .\debug.cpp(256) : 0x9e0d3000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys" .\debug.cpp(256) : 0x9cc81000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys" .\debug.cpp(256) : 0x9cc29000 0x00058000 "\SystemRoot\system32\DRIVERS\tcpip.sys" .\debug.cpp(256) : 0x9cc01000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys" .\debug.cpp(256) : 0x9cbdf000 0x00022000 "\SystemRoot\System32\drivers\afd.sys" .\debug.cpp(256) : 0x9d738000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys" .\debug.cpp(256) : 0x9cbb4000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys" .\debug.cpp(256) : 0x9cb45000 0x0006f000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys" .\debug.cpp(256) : 0x9d728000 0x00009000 "\SystemRoot\System32\Drivers\Fips.SYS" .\debug.cpp(256) : 0x9cb24000 0x00021000 "\SystemRoot\system32\DRIVERS\ipnat.sys" .\debug.cpp(256) : 0x9cb13000 0x00011000 "\SystemRoot\system32\DRIVERS\avipbb.sys" .\debug.cpp(256) : 0x9d718000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys" .\debug.cpp(256) : 0x9d81c000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys" .\debug.cpp(256) : 0xf8a38000 0x00002000 "\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys" .\debug.cpp(256) : 0x9d6f8000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS" .\debug.cpp(256) : 0x9ca3d000 0x000d6000 "\SystemRoot\System32\Drivers\dump_iaStor.sys" .\debug.cpp(256) : 0xbf800000 0x001c3000 "\SystemRoot\System32\win32k.sys" .\debug.cpp(256) : 0x9d5c5000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys" .\debug.cpp(256) : 0x9d4dc000 0x00005000 "\SystemRoot\System32\watchdog.sys" .\debug.cpp(256) : 0xbf9c3000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys" .\debug.cpp(256) : 0xf8b5d000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys" .\debug.cpp(256) : 0xbf9e4000 0x00022000 "\SystemRoot\System32\ialmdnt5.dll" .\debug.cpp(256) : 0xbf9d5000 0x0000f000 "\SystemRoot\System32\ialmrnt5.dll" .\debug.cpp(256) : 0xbfa06000 0x0003b000 "\SystemRoot\System32\ialmdev5.DLL" .\debug.cpp(256) : 0xbfa41000 0x000f0000 "\SystemRoot\System32\ialmdd5.DLL" .\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL" .\debug.cpp(256) : 0xf8582000 0x0000c000 "\SystemRoot\system32\DRIVERS\fssfltr_tdi.sys" .\debug.cpp(256) : 0x9eca9000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys" .\debug.cpp(256) : 0x9c9e8000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys" .\debug.cpp(256) : 0x9c934000 0x00014000 "\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys" .\debug.cpp(256) : 0x9c8ba000 0x00052000 "\SystemRoot\system32\DRIVERS\srv.sys" .\debug.cpp(256) : 0x9c978000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys" .\debug.cpp(256) : 0x9c5d5000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys" .\debug.cpp(256) : 0x9c772000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys" .\debug.cpp(256) : 0x9c2e6000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys" .\debug.cpp(256) : 0x7c900000 0x000b4000 "\WINDOWS\system32\ntdll.dll" .\debug.cpp(263) : ****************************************** .\debug.cpp(307) : * [ DEVICE OBJECTS INFORMATION ] ********* .\debug.cpp(308) : ****************************************** .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS" .\debug.cpp(400) : Destination="\Device\Ndis" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice" .\debug.cpp(400) : Destination="\Device\WUDFLpcDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1" .\debug.cpp(400) : Destination="\Device\Video0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSlimtype_DVD_A__DS8A1P__________________CH63____#5&255001cb&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2" .\debug.cpp(400) : Destination="\Device\Video1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000034" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon" .\debug.cpp(400) : Destination="\Device\DmControl\DmIoDaemon" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip" .\debug.cpp(400) : Destination="\Device\Ip" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3" .\debug.cpp(400) : Destination="\Device\Video2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BA5F3301-B2DB-4F48-B740-8F8DC7E47B8E}" .\debug.cpp(400) : Destination="\Device\{BA5F3301-B2DB-4F48-B740-8F8DC7E47B8E}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev" .\debug.cpp(400) : Destination="\Device\IPSEC" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio" .\debug.cpp(400) : Destination="\Device\avgio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4" .\debug.cpp(400) : Destination="\Device\Video3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0002#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}" .\debug.cpp(400) : Destination="\Device\0000008b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000033" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\0000004a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature31A431A3Offset4E2011E00LengthDBF4AE200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY" .\debug.cpp(400) : Destination="\Device\NDProxy" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement" .\debug.cpp(400) : Destination="\Device\ProcessManagement" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5" .\debug.cpp(400) : Destination="\Device\Video4" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr" .\debug.cpp(400) : Destination="\Device\RdpDrDvMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_4311&SUBSYS_1364103C&REV_01#4&4878531&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0014" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}" .\debug.cpp(400) : Destination="\Device\00000047" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery" .\debug.cpp(400) : Destination="\Device\CompositeBattery" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ0_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000050" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice" .\debug.cpp(400) : Destination="\Device\WMIDataDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A6&SUBSYS_30D5103C&REV_03#3&b1bfb68&0&11#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{95b145ed-406a-11dc-a03c-806d6172696f}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt" .\debug.cpp(400) : Destination="\FileSystem\Filters\avgntflt" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_192f&Pid_0416#6&2922fd45&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000093" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0001#{ca89b949-d7bf-48dd-bb06-f40ebc29c5f6}" .\debug.cpp(400) : Destination="\Device\0000008a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}" .\debug.cpp(400) : Destination="\Device\0000008a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A6A7A21D-7208-46AD-B80C-081C410E7B1A}" .\debug.cpp(400) : Destination="\Device\{A6A7A21D-7208-46AD-B80C-081C410E7B1A}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE" .\debug.cpp(400) : Destination="\Device\NamedPipe" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3" .\debug.cpp(400) : Destination="\Device\Winachsf0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000008a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched" .\debug.cpp(400) : Destination="\Device\PSched" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&28738126&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000006e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC" .\debug.cpp(400) : Destination="\Device\Mup" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT" .\debug.cpp(400) : Destination="\Device\IPNAT" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A2&SUBSYS_30D5103C&REV_03#3&b1bfb68&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0001" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice" .\debug.cpp(400) : Destination="\Device\GEARAspiWDMDevice" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ1_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000051" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0" .\debug.cpp(400) : Destination="\Device\USBFDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp" .\debug.cpp(400) : Destination="\Device\Tcp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1F0B9BAE-6CD5-4144-85F9-1FF7E6059CC5}" .\debug.cpp(400) : Destination="\Device\{1F0B9BAE-6CD5-4144-85F9-1FF7E6059CC5}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0002#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}" .\debug.cpp(400) : Destination="\Device\0000008b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1" .\debug.cpp(400) : Destination="\Device\USBFDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD" .\debug.cpp(400) : Destination="\Device\VideoPdo0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000039" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0" .\debug.cpp(400) : Destination="\Device\Harddisk0\DR0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer" .\debug.cpp(400) : Destination="\Device\ConexantDiagnosticsServer" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN" .\debug.cpp(400) : Destination="\DosDevices\LPT1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000037" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\INTELPRO_{BB5DB274-551B-4A2B-AE16-817521AE6906}" .\debug.cpp(400) : Destination="\Device\INTELPRO_{BB5DB274-551B-4A2B-AE16-817521AE6906}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSlimtype_DVD_A__DS8A1P__________________CH63____#5&255001cb&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio" .\debug.cpp(400) : Destination="\Device\sysaudio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap" .\debug.cpp(400) : Destination="\Device\FsWrap" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000038" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4BAA0DC6-71D2-42B8-BD4B-141AF4506308}" .\debug.cpp(400) : Destination="\Device\{4BAA0DC6-71D2-42B8-BD4B-141AF4506308}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000036" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ2_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000052" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000008a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fssfltr" .\debug.cpp(400) : Destination="\Device\fssfltr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global" .\debug.cpp(400) : Destination="\GLOBAL??" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_192f&Pid_0416#5&25243b3b&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination="\Device\USBPDO-2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000056" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e233dbc2-406b-11dc-b796-806d6172696f}" .\debug.cpp(400) : Destination="\Device\CdRom0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia0" .\debug.cpp(400) : Destination="\Device\Pcmcia0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6492E5DE-276E-4FB0-BF0A-C4E7AD962D27}" .\debug.cpp(400) : Destination="\Device\{6492E5DE-276E-4FB0-BF0A-C4E7AD962D27}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_192f&Pid_0416#6&2922fd45&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\00000093" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0" .\debug.cpp(400) : Destination="\Device\HSF_MDMDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&563a312&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\00000088" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature31A431A3Offset7E00Length4E2002200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_30D5103C&REV_01#3&b1bfb68&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1068&SUBSYS_30D5103C&REV_01#4&2ec23395&0&40F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0013" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ3_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000053" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager" .\debug.cpp(400) : Destination="\Device\MountPointManager" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination="\Device\0000008a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO Soft Data Fax Modem with SmartCP" .\debug.cpp(400) : Destination="\Device\0000008b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000032" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination="\Device\00000043" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32" .\debug.cpp(400) : Destination="\Device\PxHelperDevice0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig" .\debug.cpp(400) : Destination="\Device\DmControl\DmConfig" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000049" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp" .\debug.cpp(400) : Destination="\Device\WANARP" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000004" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace" .\debug.cpp(400) : Destination="\Device\DmControl\DmTrace" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ4_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination="\Device\00000054" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP" .\debug.cpp(400) : Destination="\Device\NdisWanIp" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\00000003" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSlimtype_DVD_A__DS8A1P__________________CH63____#5&255001cb&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}" .\debug.cpp(400) : Destination="\Device\KSENUM#00000002" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:" .\debug.cpp(400) : Destination="\Device\Ide\IdePort0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BB5DB274-551B-4A2B-AE16-817521AE6906}" .\debug.cpp(400) : Destination="\Device\{BB5DB274-551B-4A2B-AE16-817521AE6906}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7E4A0F4D-C647-46A4-8F1D-2E56C1460D60}" .\debug.cpp(400) : Destination="\Device\{7E4A0F4D-C647-46A4-8F1D-2E56C1460D60}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN0132#4&28738126&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000006f" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_30D5103C&REV_01#3&b1bfb68&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{539C3868-2201-4E4B-8591-5F05B9B15C51}" .\debug.cpp(400) : Destination="\Device\{539C3868-2201-4E4B-8591-5F05B9B15C51}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination="\Device\00000035" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1" .\debug.cpp(400) : Destination="\Device\ParTechInc0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}" .\debug.cpp(400) : Destination="\Device\0000003e" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI" .\debug.cpp(400) : Destination="\Device\NdisTapi" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan" .\debug.cpp(400) : Destination="\Device\NdisWan" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:" .\debug.cpp(400) : Destination="\Device\Ide\iaStor0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST" .\debug.cpp(400) : Destination="\Device\IPMULTICAST" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#seehcri#0000#{6374bba5-aaff-4809-aa9c-3eab8a52b861}" .\debug.cpp(400) : Destination="\Device\0000003d" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0001#{54c9343c-2a17-42e8-b4fd-9f9da27b94d6}" .\debug.cpp(400) : Destination="\Device\0000008a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0" .\debug.cpp(400) : Destination="\Device\MICH_AZ0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2" .\debug.cpp(400) : Destination="\Device\ParTechInc1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader" .\debug.cpp(400) : Destination="\Device\DmLoader" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow" .\debug.cpp(400) : Destination="\Device\LanmanRedirector" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30D5&REV_1001#4&102d4cbd&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination="\Device\0000008a" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3" .\debug.cpp(400) : Destination="\Device\ParTechInc2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr" .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl" .\debug.cpp(400) : Destination="\Device\FtControl" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:" .\debug.cpp(400) : Destination="\Device\HarddiskVolume1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{95b145ee-406a-11dc-a03c-806d6172696f}" .\debug.cpp(400) : Destination="\Device\HarddiskVolume2" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A87C2E0F-9A46-46b8-8EC4-E33355FBE1F7}#KeyboardFilter#5&70b590b&0&01#{3569dbe5-fa4f-4e7e-96ec-540202073739}" .\debug.cpp(400) : Destination="\Device\00000086" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HTS541680J9SA00_________________SB2OC7BP#4&d041eba&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination="\Device\Ide\IAAStorageDevice-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT" .\debug.cpp(400) : Destination="\Device\MailSlot" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX" .\debug.cpp(400) : Destination="\DosDevices\COM1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col01#3&563a312&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination="\Device\00000087" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT" .\debug.cpp(400) : Destination="" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio" .\debug.cpp(400) : Destination="\Device\Ndisuio" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000003c" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL" .\debug.cpp(400) : Destination="\Device\Null" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{719B40DC-64CC-467C-9ED0-4F062423BAE3}" .\debug.cpp(400) : Destination="\Device\{719B40DC-64CC-467C-9ED0-4F062423BAE3}" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&563a312&0&0001#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\00000088" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination="\Device\0000003b" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&86cfe3b&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-1" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb" .\debug.cpp(400) : Destination="\Device\avipbb" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&13dc330&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination="\Device\USBPDO-0" .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo" .\debug.cpp(400) : Destination="\Device\DmControl\DmInfo" .\debug.cpp(451) : ******************************************** .\boot_cleaner.cpp(1077) : System volume is \\.\C: .\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 .\boot_cleaner.cpp(424) : Boot sector MD5 is: d1d2ba68bb9b4db3d59d6b15035d0966 .\boot_cleaner.cpp(1151) : .\boot_cleaner.cpp(1152) : Size Device Name MBR Status .\boot_cleaner.cpp(1153) : -------------------------------------------- .\boot_cleaner.cpp(1197) : 74 GB \\.\PhysicalDrive0 Unknown boot code .\boot_cleaner.cpp(1203) : .\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks. .\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector: .\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file] .\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command: .\boot_cleaner.cpp(1217) : remover.exe fix <device_name> .\boot_cleaner.cpp(1220) : .\boot_cleaner.cpp(1242) : Done;
csüt. aug. 05, 2010 16:29

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul defogger_disable by jpshortstuff (25.01.10.1) Log created at 17:15 on 05/08/2010 (admin) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... Unable to read sptd.sys SPTD -> Disabled (Service running -> reboot required) -=E.O.F=-
csüt. aug. 05, 2010 16:24

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul http://www.virustotal.com/hu/analisis/a ... 1281020818 http://www.virustotal.com/hu/analisis/8 ... 1281021142
csüt. aug. 05, 2010 16:18

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul Teszteld le az www.virustotal.com c:\windows\SoftwareDistribution\Download\7785006bf44efb569bd0793e34e31b9a\sfcfiles.dll c:\windows\system32\sfcfiles.dll ha kiirja hogy mar volt vizsgalva,,klik-megegyszer vizsgalni a linkeket tedd ide. http://jpshortstuff.247fixes.com/beta/Defogger.exe ,futtasd-klik-disabled-restart-logott tedd ide. bootkit_remover Tolds le az asztalra-csomagold ki az asztalra-futtasd-mikor lefutt.zard be az asztalon lesz a log,tedd ide.
csüt. aug. 05, 2010 16:03

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul ComboFix 10-08-04.05 - admin 2010/08/05 16:35:54.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.81.1038.18.503.236 [GMT 2:00] Running from: c:\documents and settings\admin\Asztal\ComboFix.exe Command switches used :: c:\documents and settings\admin\Asztal\CFScript.txt AV: Avira AntiVir PersonalEdition On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\windows\Tasks\Scheduled Update for Ask Toolbar.job" file zipped: c:\documents and settings\admin\Application Data\qcopjv.dat file zipped: c:\windows\system32\drivers\mbhhwd.sys file zipped: c:\windows\system32\drivers\nhvbgz.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\admin\Application Data\qcopjv.dat c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html c:\program files\Ask.com c:\program files\Ask.com\config.xml c:\program files\Ask.com\GenericAskToolbar.dll c:\program files\Ask.com\mupcfg.xml c:\program files\Ask.com\SaUpdate.exe c:\program files\Ask.com\UpdateTask.exe c:\windows\system32\drivers\mbhhwd.sys c:\windows\system32\drivers\nhvbgz.sys c:\windows\Tasks\Scheduled Update for Ask Toolbar.job c:\windows\system32\sfcfiles.dll . . . is infected!! . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MBHHWD -------\Legacy_NHVBGZ -------\Service_mbhhwd -------\Service_nhvbgz ((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 ))))))))))))))))))))))))))))))) . 2010-08-05 12:58 . 2010-08-05 12:58 -------- d-----w- c:\program files\CCleaner 2010-08-05 10:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-05 10:08 . 2010-08-05 10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-05 10:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-05 09:49 . 2010-08-05 09:49 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes 2010-08-05 09:49 . 2010-08-05 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-08-05 09:42 . 2010-08-05 09:43 -------- d-----w- C:\rsit 2010-08-05 09:42 . 2010-08-05 09:43 -------- d-----w- c:\program files\trend micro 2010-07-28 11:25 . 2010-07-28 11:35 -------- d-----w- c:\program files\Larousse 2010-07-06 17:42 . 2010-07-06 17:42 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-07-06 17:41 . 2010-07-06 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-05 09:52 . 2007-08-01 20:30 99960 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-08-04 09:24 . 2007-08-09 12:35 -------- d-----w- c:\program files\Mahjong Quest 2 2010-08-03 19:13 . 2007-12-23 11:43 -------- d-----w- c:\documents and settings\admin\Application Data\uTorrent 2010-07-28 22:12 . 2009-05-26 13:33 -------- d-----w- c:\documents and settings\admin\Application Data\Skype 2010-07-28 18:48 . 2007-12-17 23:09 -------- d-----w- c:\documents and settings\admin\Application Data\skypePM 2010-07-28 11:34 . 2007-08-02 04:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-27 01:51 . 2010-05-30 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2010-07-22 10:23 . 2007-08-04 14:29 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-07-19 13:27 . 2010-05-30 05:52 158996 ----a-w- c:\windows\hpoins15.dat 2010-07-19 11:01 . 2009-03-06 18:20 -------- d-----w- c:\documents and settings\admin\Application Data\Spider Player 2010-07-13 03:35 . 2010-06-09 21:07 16 ----a-w- c:\documents and settings\NetworkService\Application Data\qcopjv.dat 2010-07-10 14:49 . 2010-06-11 06:42 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\qcopjv.dat 2010-06-24 03:37 . 2010-06-25 00:47 1356155 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aescript.dll 2010-06-24 03:16 . 2010-06-25 00:46 430453 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aepack.dll 2010-06-24 03:03 . 2010-06-25 00:46 2724214 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aeheur.dll 2010-06-24 02:02 . 2010-06-25 00:46 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aehelp.dll 2010-06-24 01:54 . 2010-06-25 00:46 377204 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aegen.dll 2010-06-16 23:47 . 2010-05-02 09:03 -------- d-----w- c:\program files\iTunes 2010-06-16 23:39 . 2010-05-02 09:03 -------- d-----w- c:\program files\iPod 2010-06-10 14:33 . 2010-01-29 08:43 -------- d-----w- c:\program files\Freeze.com 2010-06-04 11:17 . 2010-06-18 23:31 2724214 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aeheur.dll 2010-06-04 11:17 . 2010-06-15 22:55 2724214 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aeheur.dll 2010-06-04 11:17 . 2010-06-12 22:35 2724214 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aeheur.dll 2010-06-02 09:15 . 2010-06-18 23:33 1352058 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aescript.dll 2010-06-02 09:15 . 2010-06-15 22:55 1352058 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aescript.dll 2010-06-02 09:15 . 2010-06-12 22:37 1352058 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aescript.dll 2010-06-02 09:15 . 2010-06-18 23:31 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aehelp.dll 2010-06-02 09:15 . 2010-06-15 22:54 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aehelp.dll 2010-06-02 09:15 . 2010-06-12 22:35 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aehelp.dll 2010-06-02 09:15 . 2010-06-18 23:31 377205 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aegen.dll 2010-06-02 09:15 . 2010-06-15 22:54 377205 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aegen.dll 2010-06-02 09:15 . 2010-06-12 22:35 377205 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aegen.dll 2010-05-13 18:21 . 2010-06-25 00:47 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aescn.dll 2010-05-13 18:21 . 2010-06-18 23:33 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aescn.dll 2010-05-13 18:21 . 2010-06-15 22:55 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aescn.dll 2010-05-13 18:21 . 2010-06-12 22:37 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aescn.dll 2010-05-13 18:21 . 2010-06-25 00:46 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aeoffice.dll 2010-05-13 18:21 . 2010-06-18 23:32 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aeoffice.dll 2010-05-13 18:21 . 2010-06-15 22:55 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aeoffice.dll 2010-05-13 18:21 . 2010-06-12 22:36 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aeoffice.dll 2010-05-13 18:21 . 2010-06-25 00:46 192886 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aecore.dll 2010-05-13 18:21 . 2010-06-18 23:31 192886 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aecore.dll 2010-05-13 18:21 . 2010-06-15 22:54 192886 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aecore.dll 2010-05-13 18:21 . 2010-06-12 22:34 192886 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aecore.dll 2008-12-11 16:56 . 2008-11-17 11:26 35244 ----a-w- c:\program files\surfer.set 2008-12-10 18:44 . 2008-11-17 11:26 7089 ----a-w- c:\program files\surfer.ini . (((((((((((((((((((((((((((((((((((((((((( SR_Search )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ------- Sigcheck ------- [-] 2008-04-14 . B3F79A7FEA348313717DCB795C3DD205 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7785006bf44efb569bd0793e34e31b9a\sfcfiles.dll [-] 2007-06-08 . 788D7B0B0DC349333820187628EE590E . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176] "WeatherBugAlert"="c:\program files\AWS\WeatherBug Alert\WeatherBugAlert.exe" [2009-07-08 442368] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 159744] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360] c:\documents and settings\admin\Start Menu\Programs\Indˇt˘pult\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Akademiai Kiado\\Akademiai Elektronikus Konyvtar\\bin\\NPLocal.exe"= "c:\\Program Files\\utorrent\\utorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009/10/15 20:41 691696] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2010/02/03 3:25 90112] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010/02/03 3:26 27632] S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\admin\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\admin\LOCALS~1\Temp\gUSBSTOi.sys [?] S3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [2008/02/12 20:24 505984] S3 zlportio;zlportio;\??\c:\program files\UltraStar Deluxe\zlportio.sys --> c:\program files\UltraStar Deluxe\zlportio.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 13:32] 2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 13:32] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = .local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\a7cr089i.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage\|www.google.co.hu FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\a7cr089i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\a7cr089i.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-05 16:42 Windows 5.1.2600 Szervizcsomag 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spyg.sys >>UNKNOWN [0x82794938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf85bbfc3 \Driver\ACPI -> ACPI.sys @ 0xf8343cb8 \Driver\atapi -> 0x8278b1f8 \Driver\iaStor -> iaStor.sys @ 0xf80d07b0 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578c34 ParseProcedure -> ntkrnlpa.exe @ 0x80577896 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578c34 ParseProcedure -> ntkrnlpa.exe @ 0x80577896 NDIS: Broadcom 802.11b/g WLAN -> SendCompleteHandler -> NDIS.sys @ 0xf7f8eb30 PacketIndicateHandler -> NDIS.sys @ 0xf7f9b9a1 SendHandler -> NDIS.sys @ 0xf7f7987b Warning: possible MBR rootkit infection ! user & kernel MBR OK ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(856) c:\windows\system32\imjp81.ime c:\windows\system32\imjp81k.dll c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC - - - - - - - > 'explorer.exe'(3860) c:\windows\system32\WININET.dll c:\windows\system32\imjp81.ime c:\windows\system32\imjp81k.dll c:\windows\system32\themeui.dll c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\FinePixViewerS\QuickDCF2.exe c:\program files\HP\Digital Imaging\bin\hpqtra08.exe c:\program files\iPod\bin\iPodService.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe . ************************************************************************ . Completion time: 2010-08-05 16:47:36 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-05 14:47 ComboFix2.txt 2010-08-05 13:43 Pre-Run: 5,249,216,512 bájt szabad Post-Run: 5,235,838,976 bájt szabad - - End Of File - - 7FFED5A2502C327BC01C429A293F828C
csüt. aug. 05, 2010 15:54

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul Kinyitunk - Notepadot (Jegyzetfüzetet)igy: Start>futtatás>beírod: notepad és bemásolod- a Kód: címszó alatt található zöld textet(Kód: szó nélkül), aztán a notepadba beillesztett textet elmentjük scriptnek az asztalra , úgy:- Fájl>Mentés Másként>Fájlnév>CFScript.txt>Fájl típusa>Minden fájl>Mentés.(Ásztálra),.Kész, az astalon lévő CFScript txt húzzunk rá a ComboFix ikonnyara. Es mostan megcsinalod eztett: A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide. Kód: KILLALL:: Collect:: c:\windows\system32\drivers\mbhhwd.sys c:\windows\system32\drivers\nhvbgz.sys c:\documents and settings\admin\Application Data\qcopjv.dat RESTORE:: c:\windows\system32\sfcfiles.dll srpeek:: c:\windows\system32\sfcfiles.dll Folder:: c:\program files\Ask.com Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"=- [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"=- [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"=- "swg"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"=- "igfxtray"=- "igfxpers"=- "Adobe Reader Speed Launcher"=- "IMJPMIG8.1"=- "MSPY2002"=- "PHIME2002ASync"=- "PHIME2002A"=- "Adobe Photo Downloader"=- "QuickTime Task"=- "HP Software Update"=- [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbhhwd] [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nhvbgz] Driver:: mbhhwd nhvbgz File:: c:\windows\Tasks\Scheduled Update for Ask Toolbar.job DDS:: uStart Page = hxxp://www.daemon-search.com/startpage uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
csüt. aug. 05, 2010 15:33

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul jaj leszedtem.... BOCSÁNAT! (most már nem csinálok semmit csak amit mondasz, bocsi) Megkérdeztem tasóm lányát, akié a gép -Proxy- ez egy szerver féleség, konkrétan nem tudja, mert nem tudja mit takarhat -Azt mondja nincsenek titkosítva a dokumentumai (japán nyelven irogat, nem azt látod?)
csüt. aug. 05, 2010 15:31

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul egyelore nebansal semmit a Daemont a combofix kapcsolja ki. Kerdes: Hasznal a baratnod proxyt?? Nincsen baj az documentomok titkositasaval,,hogy nem lehet kinyitni??
csüt. aug. 05, 2010 15:24

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul Indítás előtt kikapcsoltam az Avirát de combofix újraindította a gépet és ezután már nem tudtam lekapcsolni a vírusírtót közben is 2x sipolt tróját.. - Leszedem a Deamondot mert látom "sérült"
csüt. aug. 05, 2010 14:59

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul ComboFix 10-08-04.05 - admin 2010/08/05 15:24:53.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.81.1038.18.503.166 [GMT 2:00] Running from: c:\documents and settings\admin\Asztal\ComboFix.exe AV: Avira AntiVir PersonalEdition On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\admin\Application Data\avdrn.dat c:\documents and settings\All Users\Application Data\hpeA.dll c:\documents and settings\All Users\Application Data\Wyeke c:\documents and settings\All Users\Application Data\Wyeke\wyeke139.exe c:\program files\Wyeke c:\program files\Wyeke\wyeke.exe c:\windows\system32\AutoRun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_WYEKE_SERVICE -------\Service_Wyeke Service ((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 ))))))))))))))))))))))))))))))) . 2010-08-05 12:58 . 2010-08-05 12:58 -------- d-----w- c:\program files\CCleaner 2010-08-05 10:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-05 10:08 . 2010-08-05 10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-05 10:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-05 09:49 . 2010-08-05 09:49 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes 2010-08-05 09:49 . 2010-08-05 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-08-05 09:42 . 2010-08-05 09:43 -------- d-----w- C:\rsit 2010-08-05 09:42 . 2010-08-05 09:43 -------- d-----w- c:\program files\trend micro 2010-07-28 11:25 . 2010-07-28 11:35 -------- d-----w- c:\program files\Larousse 2010-07-10 14:49 . 2010-08-05 13:38 540672 ----a-w- c:\windows\system32\drivers\mbhhwd.sys 2010-07-06 17:41 . 2010-07-06 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-05 13:41 . 2010-06-09 21:08 772096 ----a-w- c:\windows\system32\drivers\nhvbgz.sys 2010-08-05 09:52 . 2007-08-01 20:30 99960 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-08-04 09:24 . 2007-08-09 12:35 -------- d-----w- c:\program files\Mahjong Quest 2 2010-08-03 19:13 . 2007-12-23 11:43 -------- d-----w- c:\documents and settings\admin\Application Data\uTorrent 2010-07-28 22:12 . 2009-05-26 13:33 -------- d-----w- c:\documents and settings\admin\Application Data\Skype 2010-07-28 18:48 . 2007-12-17 23:09 -------- d-----w- c:\documents and settings\admin\Application Data\skypePM 2010-07-28 11:34 . 2007-08-02 04:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-27 01:51 . 2010-05-30 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2010-07-22 10:23 . 2007-08-04 14:29 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-07-19 13:27 . 2010-05-30 05:52 158996 ----a-w- c:\windows\hpoins15.dat 2010-07-19 11:01 . 2009-03-06 18:20 -------- d-----w- c:\documents and settings\admin\Application Data\Spider Player 2010-07-13 03:35 . 2010-06-09 21:07 16 ----a-w- c:\documents and settings\NetworkService\Application Data\qcopjv.dat 2010-07-10 14:49 . 2010-06-11 06:42 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\qcopjv.dat 2010-07-06 17:42 . 2010-07-06 17:42 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-06-24 03:37 . 2010-06-25 00:47 1356155 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aescript.dll 2010-06-24 03:16 . 2010-06-25 00:46 430453 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aepack.dll 2010-06-24 03:03 . 2010-06-25 00:46 2724214 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aeheur.dll 2010-06-24 02:02 . 2010-06-25 00:46 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aehelp.dll 2010-06-24 01:54 . 2010-06-25 00:46 377204 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aegen.dll 2010-06-16 23:47 . 2010-05-02 09:03 -------- d-----w- c:\program files\iTunes 2010-06-16 23:39 . 2010-05-02 09:03 -------- d-----w- c:\program files\iPod 2010-06-16 09:51 . 2010-06-16 09:51 8 ----a-w- c:\documents and settings\admin\Application Data\qcopjv.dat 2010-06-10 14:33 . 2010-01-29 08:43 -------- d-----w- c:\program files\Freeze.com 2010-06-04 11:17 . 2010-06-18 23:31 2724214 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aeheur.dll 2010-06-04 11:17 . 2010-06-15 22:55 2724214 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aeheur.dll 2010-06-04 11:17 . 2010-06-12 22:35 2724214 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aeheur.dll 2010-06-02 09:15 . 2010-06-18 23:33 1352058 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aescript.dll 2010-06-02 09:15 . 2010-06-15 22:55 1352058 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aescript.dll 2010-06-02 09:15 . 2010-06-12 22:37 1352058 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aescript.dll 2010-06-02 09:15 . 2010-06-18 23:31 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aehelp.dll 2010-06-02 09:15 . 2010-06-15 22:54 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aehelp.dll 2010-06-02 09:15 . 2010-06-12 22:35 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aehelp.dll 2010-06-02 09:15 . 2010-06-18 23:31 377205 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aegen.dll 2010-06-02 09:15 . 2010-06-15 22:54 377205 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aegen.dll 2010-06-02 09:15 . 2010-06-12 22:35 377205 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aegen.dll 2010-05-13 18:21 . 2010-06-25 00:47 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aescn.dll 2010-05-13 18:21 . 2010-06-18 23:33 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aescn.dll 2010-05-13 18:21 . 2010-06-15 22:55 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aescn.dll 2010-05-13 18:21 . 2010-06-12 22:37 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aescn.dll 2010-05-13 18:21 . 2010-06-25 00:46 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aeoffice.dll 2010-05-13 18:21 . 2010-06-18 23:32 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aeoffice.dll 2010-05-13 18:21 . 2010-06-15 22:55 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aeoffice.dll 2010-05-13 18:21 . 2010-06-12 22:36 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aeoffice.dll 2010-05-13 18:21 . 2010-06-25 00:46 192886 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c23e71a\validationdir\aecore.dll 2010-05-13 18:21 . 2010-06-18 23:31 192886 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c1be4cc\validationdir\aecore.dll 2010-05-13 18:21 . 2010-06-15 22:54 192886 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c17f027\validationdir\aecore.dll 2010-05-13 18:21 . 2010-06-12 22:34 192886 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4c13db9e\validationdir\aecore.dll 2008-12-11 16:56 . 2008-11-17 11:26 35244 ----a-w- c:\program files\surfer.set 2008-12-10 18:44 . 2008-11-17 11:26 7089 ----a-w- c:\program files\surfer.ini . ------- Sigcheck ------- [-] 2008-04-14 . B3F79A7FEA348313717DCB795C3DD205 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\7785006bf44efb569bd0793e34e31b9a\sfcfiles.dll [-] 2007-06-08 . 788D7B0B0DC349333820187628EE590E . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-06-16 16:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-01 68856] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] "WeatherBugAlert"="c:\program files\AWS\WeatherBug Alert\WeatherBugAlert.exe" [2009-07-08 442368] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 159744] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360] c:\documents and settings\admin\Start Menu\Programs\Indˇt˘pult\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Akademiai Kiado\\Akademiai Elektronikus Konyvtar\\bin\\NPLocal.exe"= "c:\\Program Files\\utorrent\\utorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2010/02/03 3:25 90112] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010/02/03 3:26 27632] S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\admin\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\admin\LOCALS~1\Temp\gUSBSTOi.sys [?] S3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [2008/02/12 20:24 505984] S3 zlportio;zlportio;\??\c:\program files\UltraStar Deluxe\zlportio.sys --> c:\program files\UltraStar Deluxe\zlportio.sys [?] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009/10/15 20:41 691696] --- Other Services/Drivers In Memory --- Deregistered - mbhhwd Deregistered - nhvbgz [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 13:32] 2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 13:32] 2010-08-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2009-06-16 16:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.daemon-search.com/startpage uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = .local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\a7cr089i.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage\|www.google.co.hu FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\a7cr089i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\a7cr089i.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file) *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-05 15:36 Windows 5.1.2600 Szervizcsomag 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbhhwd] -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nhvbgz] . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(884) c:\windows\system32\imjp81.ime c:\windows\system32\imjp81k.dll c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC - - - - - - - > 'explorer.exe'(3440) c:\windows\system32\WININET.dll c:\windows\system32\imjp81.ime c:\windows\system32\imjp81k.dll c:\windows\system32\themeui.dll c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\FinePixViewerS\QuickDCF2.exe c:\program files\HP\Digital Imaging\bin\hpqtra08.exe c:\program files\iPod\bin\iPodService.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe . ************************************************************************ . Completion time: 2010-08-05 15:43:09 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-05 13:43 Pre-Run: 4,621,561,856 bájt szabad Post-Run: 5,241,528,320 bájt szabad WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional - magyar" /noexecute=optin /fastdetect - - End Of File - - BD750BB28E5C99E81E5964413C9E513B
csüt. aug. 05, 2010 14:50

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul torold mindet. Szed le a geprol C:\Program Files\pdfforge Toolbar Tisztitsd ki a CCleaneral, kapcsold ki a rendszer visszaalitasat,restart-bekapcsolni vissza. Futtasd a combofixet.
csüt. aug. 05, 2010 12:46

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Adatbázis verzió: 4391 Windows 5.1.2600 Szervizcsomag 2 Internet Explorer 8.0.6001.18702 2010/08/05 13:37:30 mbam-log-2010-08-05 (13-37-30).txt Vizsgálat típusa: Teljes vizsgálat (C:\\|D:\\|) Átvizsgált objektumok: 206089 Eltelt idő: 1 óra, 23 perc, 58 másodperc Fertőzött memóriafolyamatok: 0 Fertőzött memória modulok: 0 Fertőzött Rendszerleíró kulcsok: 3 Fertőzött Rendszerleíró értékek: 0 Fertőzött Rendszerleíró adatelemek: 0 Fertőzött mappák: 1 Fertőzött fájlok: 10 Fertőzött memóriafolyamatok: (Nem találhatók rosszindulatú elemek) Fertőzött memória modulok: (Nem találhatók rosszindulatú elemek) Fertőzött Rendszerleíró kulcsok: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wyeke (Adware.Agent) -> No action taken. HKEY_LOCAL_MACHINE\Software\Wyeke (Adware.Agent) -> No action taken. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Wyeke Service (Adware.Agent) -> No action taken. Fertőzött Rendszerleíró értékek: (Nem találhatók rosszindulatú elemek) Fertőzött Rendszerleíró adatelemek: (Nem találhatók rosszindulatú elemek) Fertőzött mappák: C:\Program Files\Wyeke (Adware.Agent) -> No action taken. Fertőzött fájlok: C:\WINDOWS\system32\drivers\nhvbgz.sys (Backdoor.IEbooot) -> No action taken. C:\WINDOWS\system32\drivers\mbhhwd.sys (Rootkit.Agent) -> No action taken. C:\WINDOWS\Temp\1d8b1173.tmp (Trojan.Ransom) -> No action taken. C:\WINDOWS\Temp\f806b27e.tmp (Trojan.Ransom) -> No action taken. C:\WINDOWS\Temp\4e32d852.tmp (Trojan.Ransom) -> No action taken. C:\WINDOWS\Temp\7fa9c3b8.tmp (Trojan.Ransom) -> No action taken. C:\WINDOWS\Temp\e0871c00.tmp (Trojan.Ransom) -> No action taken. C:\Program Files\Wyeke\wyeke.exe (Adware.Agent) -> No action taken. C:\Documents and Settings\admin\Application Data\avdrn.dat (Malware.Trace) -> No action taken. C:\Program Files\GridLib.dll (Spyware.OnlineGames) -> No action taken. ____ 1h múlva vagyok ismét
csüt. aug. 05, 2010 12:43

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: sokat fagy ill. újraindul igen kapcsold ki az AVIRAT.
csüt. aug. 05, 2010 11:45

kataiandi arany tag Csatlakozott: szer. dec. 27, 2006 16:11 Hozzászólások: 392	Re: sokat fagy ill. újraindul Avira sikít tróját.(töröltem) Leállítsam addig míg csináljuk a gépet? Jó sokáig el fog tartani a teljes vizsgálat, mert eléggé tele van a gép...
csüt. aug. 05, 2010 11:33
Hozzászólások megjelenítése: Rendezés

Oldal: 2 / 3

[ 106 hozzászólás ]

Oldal Előző 1, 2, 3 Következő

Ki van itt

Jelenlévő fórumozók: nincs regisztrált felhasználó valamint 13 vendég

Nem nyithatsz témákat ebben a fórumban.
Nem válaszolhatsz egy témára ebben a fórumban.
Nem szerkesztheted a hozzászólásaidat ebben a fórumban.
Nem törölheted a hozzászólásaidat ebben a fórumban.

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software for PTF.
Magyar fordítás © Magyar phpBB Közösség