Megcsináltam. Az új téma neve: trojan virus.
Köszi

ok,nyis it a security temaban uj temat,,mert mar igen,megy az idegemre ez a forum hiba,
es lefutatod a Rootrepeal programot,az eredmenyt ted oda.
http://ad13.geekstogo.com/RootRepeal.exe
ted az asztalra
futasd
klik>> Report >>> klik Scan>>bepipazod mind a 7-lehetoseget,,
Klik>>OK<<
bepipazol minden lemezet
klik-ok
a skan vegen>klik-SAVE REPORT,,
SAVE>>RepealScan<<mends le es a tartalmat ted oda,

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A5A3618]<<
kernel: MBR read successfully
user & kernel MBR OK

ezt a parancsot
cmd /c mbr.exe -t >log.txt&start log.txt klik.ok
masold be a Start>>futatas ablakaba>kinyilik log.txt ted ide,

A két txt tartalma:

defogger_disable by jpshortstuff (28.11.09.2)
Log created at 20:34 on 29/11/2009 (Viki)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

----------------------------------------

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

provizorosan kikapcsoljuk a Daemont>.utana majd bekapcsoljuk
letoltod ezt a programot,ted az asztalra>futasd>klik Disabled>

http://jpshortstuff.247fixes.com/beta/Defogger.exe
ad logot ted ide
tolds le ted az asztalra
MBR - http://www2.gmer.net/mbr/mbr.exe
klik>start>klik>futatas>masold be az ablakba

cmd /c mbr.exe -t >log.txt&start log.txt
ok
ad log.txt>ted ide,

Szia Stell,
Nagyon köszönöm, hogy foglalkoztál a kérdésemmel.
Kimásoltam a txt fájl tartalmát.

ComboFix 09-11-29.01 - Viki 009.11.29. 19:53.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1038.18.2046.1336 [GMT 1:00]
Running from: c:\documents and settings\Viki\Asztal\ComboFix.exe
AV: upc smart guard 8.00 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: upc smart guard 8.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Viki\Application Data\Desktopicon
c:\documents and settings\Viki\Application Data\Desktopicon\eBayShortcuts.exe
c:\documents and settings\Viki\Local Settings\Temporary Internet Files\lsn_6FBA808F-2580-48c3-8C6B-C08BBB800B8E.xml
c:\program files\Keenfinder
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-28 17:49 . 2009-11-29 14:34 79488 ----a-w- c:\documents and settings\Viki\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-15 19:15 . 2009-11-15 19:16 -------- d-----w- c:\program files\NeuroTran
2009-11-15 16:43 . 2009-11-15 16:43 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-15 16:42 . 2009-11-15 16:42 -------- d-----w- c:\program files\iPod
2009-11-15 16:41 . 2009-11-15 16:42 -------- d-----w- c:\program files\iTunes
2009-11-15 16:41 . 2009-11-15 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-15 16:39 . 2009-11-15 16:40 -------- d-----w- c:\program files\QuickTime
2009-11-15 16:37 . 2009-11-15 16:37 -------- d-----w- c:\documents and settings\Viki\Application Data\Thinstall
2009-11-15 16:36 . 2009-11-15 17:07 -------- d-----w- c:\program files\Dokumentum típusok konvertálása
2009-11-15 16:33 . 2009-11-15 16:33 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 15:32 . 2009-01-24 09:57 -------- d-----w- c:\program files\UPC SmartGuard
2009-11-28 22:05 . 2009-01-24 10:23 -------- d-----w- c:\documents and settings\Viki\Application Data\uTorrent
2009-11-15 17:10 . 2009-05-07 17:40 -------- d-----w- c:\documents and settings\Viki\Application Data\Apple Computer
2009-11-15 16:46 . 2009-06-20 07:50 -------- d-----w- c:\program files\Safari
2009-11-15 16:42 . 2009-05-07 17:37 -------- d-----w- c:\program files\Common Files\Apple
2009-11-09 04:52 . 2009-10-18 14:48 -------- d-----w- c:\documents and settings\Viki\Application Data\Free Download Manager
2009-11-08 17:33 . 2009-09-28 16:14 -------- d-----w- c:\program files\FrameShow
2009-10-25 07:30 . 2004-08-18 12:00 98728 ----a-w- c:\windows\system32\perfc00E.dat
2009-10-25 07:30 . 2004-08-18 12:00 446730 ----a-w- c:\windows\system32\perfh00E.dat
2009-10-18 14:48 . 2009-10-18 14:48 -------- d-----w- c:\program files\Free Download Manager
2009-10-18 14:48 . 2009-10-18 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-10-08 16:32 . 2009-10-08 16:32 -------- d-----w- c:\program files\CheckPoint
2009-09-11 14:19 . 2004-08-18 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"F-Secure Manager"="c:\program files\UPC SmartGuard\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\program files\UPC SmartGuard\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-17 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2008-06-18 11:47 24692 ----a-w- c:\windows\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009.01.24. 12:36 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009.01.24. 10:57 79904]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\UPC SmartGuard\HIPS\drivers\fshs.sys [2009.01.24. 10:57 66720]
R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2008.06.18. 12:46 2235760]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2008.06.18. 12:46 47504]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2008.06.18. 12:46 121136]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2008.06.18. 12:46 673872]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\UPC SmartGuard\Anti-Virus\minifilter\fsgk.sys [2009.01.24. 10:57 101496]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\UPC SmartGuard\ORSP Client\fsorsp.exe [2009.01.24. 10:57 55904]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009.02.01. 10:58 664064]
S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2009.02.19. 16:49 18816]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\UPC SmartGuard\Anti-Virus\win2k\fsfilter.sys [2009.01.24. 10:57 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\UPC SmartGuard\Anti-Virus\win2k\fsrec.sys [2009.01.24. 10:57 25184]
.
Contents of the 'Scheduled Tasks' folder

2009-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-29 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\UPCSMA~1\ANTI-V~1\fsav.exe [2009-01-24 13:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hu/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Az összes letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlall.htm
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Kijelölés letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlselected.htm
IE: Letöltés Free Download Managerrel - file://c:\program files\Free Download Manager\dllink.htm
IE: Video letöltése a Free Download Manager-rel - file://c:\program files\Free Download Manager\dlfvideo.htm
LSP: c:\program files\UPC SmartGuard\FSPS\program\fslsp.dll
TCP: {8FDAC4EB-5007-4AC3-9AAB-AB914B51B4F8} = 213.46.246.54 213.46.246.53
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 20:03
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A62B618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e94cb8
\Driver\atapi -> atapi.sys @ 0xb9e4c852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8102E Family PCI-E Fast Ethernet NIC -> SendCompleteHandler -> NDIS.SYS @ 0xb9d33bb0
PacketIndicateHandler -> NDIS.SYS @ 0xb9d40a21
SendHandler -> NDIS.SYS @ 0xb9d1e87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\WININET.dll
c:\program files\UPC SmartGuard\FSPS\program\fslsp.dll
.
Completion time: 2009-11-29 20:08
ComboFix-quarantined-files.txt 2009-11-29 19:08

Pre-Run: 105 862 668 288 bájt szabad
Post-Run: 106 866 745 344 bájt szabad

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition - magyar" /noexecute=optin /fastdetect

- - End Of File - - F8357F7B6FF3A186FB50351A3BA6F6E2

udv
szed le a geprol:a vezrlo pulton at>>hozavagy leszedni programokat,

C:\Program Files\Uniblue\RegistryBooster
C:\Program Files\Ask.com

Kedves Stell!

A segítséged szeretném kérni. Nem nagyon értek a dolgokhoz, de már nem indul el a Windows-om, csak "Hibakeresés"-sel.

Lefuttattam egy viruskereső programot, és ezt írta ki:
Eredmény: 1 kártékony szoftvert talált
Trojan.Win32.Genome.cnqu (vírus)
C:\Documents and Settings\Viki\Dokumentumok\programok\Ultra.Video.Joiner.v5.1with.KeyGen.-SUBBYWRX\keygen.exe Művelet: átnevezve
--------------------------------------------------------------------------------
Veszélyes program található
WebToolbar.Win32.WhenU.a (Veszélyes programok)
C:\Documents and Settings\Viki\Dokumentumok\programok\daemon4.exe


Bemásolom ide a fájl-t amit az általad javasolt program írt ki nekem.
Kérlek segíts!
Előre is köszönöm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:04, on 2009.11.29.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\UPC SmartGuard\Common\FSM32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\UPC SmartGuard\Anti-Virus\fsgk32st.exe
C:\Program Files\UPC SmartGuard\Common\FSMA32.EXE
C:\Program Files\UPC SmartGuard\Anti-Virus\FSGK32.EXE
C:\Program Files\UPC SmartGuard\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPC SmartGuard\Common\FCH32.EXE
C:\Program Files\UPC SmartGuard\Common\FAMEH32.EXE
C:\Program Files\UPC SmartGuard\Anti-Virus\fsqh.exe
C:\Program Files\UPC SmartGuard\FSPC\fspc.exe
C:\Program Files\UPC SmartGuard\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\UPC SmartGuard\Anti-Virus\fssm32.exe
C:\Program Files\UPC SmartGuard\FSAUA\program\fsaua.exe
C:\Program Files\UPC SmartGuard\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\UPC SmartGuard\FSAUA\program\fsus.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\UPC SmartGuard\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\UPC SmartGuard\FSGUI\scanwizard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/results.aspx?q={searchTerms}&mkt=hu-HU&FORM=MIC2H5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\UPC SmartGuard\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\UPC SmartGuard\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Az összes letöltése Free Download Managerrel - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Kijelölés letöltése Free Download Managerrel - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Letöltés Free Download Managerrel - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Video letöltése a Free Download Manager-rel - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Szülői... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\UPC SmartGuard\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\UPC SmartGuard\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Szülői... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\UPC SmartGuard\FSPC\fspcmsie.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (file missing)
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FDAC4EB-5007-4AC3-9AAB-AB914B51B4F8}: NameServer = 213.46.246.54 213.46.246.53
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\UPC SmartGuard\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\UPC SmartGuard\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\UPC SmartGuard\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\UPC SmartGuard\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\UPC SmartGuard\ORSP Client\fsorsp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

--
End of file - 11985 bytes

akkor jó köszönöm válaszod
szép estét
üdv
Gyuri

spkw.sys >>UNKNOWN [0x82B29938]<<
ez a Daemon vagy az alcohol Rootkit drivere,,

üdv stell
kíváncsiság képen én is nézegettem amit Katika nem tudott megcsinálni
nálam ezt írta ki
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spkw.sys >>UNKNOWN [0x82B29938]<<
kernel: MBR read successfully
user & kernel MBR OK

csak azért említem mert nem tudom mi ez a: UNKNOWN [0x82B29938]

meg mostanában megint lelassult szegény gépem de egyenlőre még próbálok vírusirtókkal ha nem sikerül akkor jövök
ezt az ismeretlen bejegyzés ügyébe meg nem tudom mit csináljak hogy ez mi lehet
üdv
Gyuri

kivancsi vagyok hogy most mi lesz ,a beteg gyerek ide tete a pornot akor jo volt,,most en irok ha jo lesz e

ez lehet tob hiba
Tap
RAM
HW
SW
meglasuk

bekapcsolod a relytet falylok meglyeleniteset

Szia Stell ! Jó reggelt!! A tegnap este pár óra pihi után bekapcsoltuk, nem volt gond, de ma reggel azt mondja apu hogy megint újraindult többször...

ok,koszi a csokit,,
majd ird meg mi a helyzet a gepel,
addig is nincsen mit,

Köszike!! Kapsz egy Milka vagy Deli csokit így az éteren keresztül..
Most kikapcsolom a gépet,és kicsit később bekapcsolom... Aztán majd jelentkezem.. Köszönöm addig is!!!

na latod ugyes vagy,,kiprobalni a gepet mar jonak kene lennie,,,,ird majd ide,

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\dllcache\pciide.sys|C:\WINDOWS\system32\drivers\pciide.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Katika
Letoltod ezt a programot az asztalra
http://swandog46.geekstogo.com/avenger.exe
futatod>klik.OK
a kinyilt ablakba masold be a piros textet
Begin copying here:
Files to move:
C:\WINDOWS\system32\dllcache\pciide.sys | C:\WINDOWS\system32\drivers\pciide.sys
klik>Execute.
klik>yes
megint klik>Yes
A gep restartol es ad logot,,ha nemad akor itt lesz C:\avenger.txt)>>ted ide

kisst1985
ha megcsinaltad akor miert nemteted ide az OTMOVEIT logjat??

Szia Stell!

Megcsináltam amit mondtál itt az új log.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rendszergazda at 2009-11-27 19:13:44
Microsoft Windows XP Professional Szervizcsomag 3
System drive C: has 69 GB (84%) free of 82 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:48, on 2009.11.27.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Rendszergazda\Asztal\RSIT.exe
C:\Program Files\HiJackThis\Rendszergazda.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Windows Live ID bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: t-com.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6656482531
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://mail.bekescsaba.hu:8080/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D872676F-6E21-426F-BD9F-D4DC1579B60B}: NameServer = 80.95.64.200 80.95.64.201
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 7071 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{D75B0FF6-863A-466D-9D17-0EFEB3516C36}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-26 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-08-03 202080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID bejelentkezési segítség - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-27 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-08-03 1471832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-11-17 17676288]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-27 149280]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-03-23 1983816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-17 767312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Documents and Settings\Rendszergazda\Start Menu\Programs\Indítópult
t-com.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-29 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"ForceClassicControlPanel"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-11-27 19:07:52 ----D---- C:\_OTM
2009-11-27 17:23:10 ----D---- C:\rsit
2009-11-25 20:53:20 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 20:53:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-25 20:15:27 ----D---- C:\Program Files\HiJackThis
2009-11-22 13:08:32 ----D---- C:\Program Files\Free Video To Audio Converter
2009-11-22 12:58:43 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-22 12:34:55 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\ABBYY
2009-11-22 12:30:08 ----D---- C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2009-11-22 12:05:47 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Nero
2009-11-22 11:49:37 ----D---- C:\Program Files\Common Files\Nero
2009-11-12 22:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-02 19:36:20 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Windows Search
2009-11-01 19:36:28 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\dvdcss
2009-11-01 12:57:57 ----D---- C:\WINDOWS\PixArt
2009-11-01 12:57:56 ----D---- C:\Program Files\Trust
2009-11-01 12:57:56 ----D---- C:\Program Files\Common Files\PCCamera
2009-11-01 12:53:08 ----A---- C:\WINDOWS\system32\PAStiSvc.exe
2009-11-01 12:53:02 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-11-01 12:51:29 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\ArcSoft
2009-11-01 12:50:56 ----D---- C:\Program Files\Common Files\ArcSoft
2009-11-01 12:50:39 ----A---- C:\WINDOWS\PCDLIB32.DLL
2009-11-01 12:50:35 ----D---- C:\Program Files\ArcSoft
2009-11-01 12:37:58 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-01 12:37:23 ----D---- C:\WINDOWS\Downloaded Installations
2009-11-01 12:37:22 ----D---- C:\Program Files\Common Files\InstallShield
2009-11-01 12:08:52 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonIJScan
2009-11-01 12:08:51 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Canon
2009-11-01 12:01:34 ----A---- C:\WINDOWS\system32\CNHMCA.dll
2009-11-01 12:01:34 ----A---- C:\WINDOWS\system32\CNC250U.dll
2009-11-01 12:01:34 ----A---- C:\WINDOWS\system32\CNC250L.dll
2009-11-01 12:01:34 ----A---- C:\WINDOWS\system32\CNC250I.dll
2009-11-01 12:01:34 ----A---- C:\WINDOWS\system32\CNC250C.dll
2009-11-01 12:01:18 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Canon Easy-WebPrint EX
2009-11-01 12:00:08 ----D---- C:\Program Files\Common Files\CANON
2009-11-01 11:57:30 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2009-11-01 11:57:23 ----A---- C:\WINDOWS\system32\CNMLM9W.DLL
2009-11-01 11:57:20 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2009-11-01 11:57:15 ----A---- C:\WINDOWS\system32\CNC250O.dll
2009-11-01 11:57:11 ----A---- C:\WINDOWS\system32\CNMIU9W.DLL
2009-11-01 11:57:04 ----HD---- C:\Program Files\CanonBJ
2009-11-01 11:55:09 ----D---- C:\Program Files\Canon
2009-11-01 10:42:05 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Jasc Software Inc
2009-11-01 09:58:30 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\AdobeUM
2009-11-01 09:48:41 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\GHISLER
2009-11-01 09:42:50 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\vlc
2009-11-01 09:41:51 ----D---- C:\Program Files\VideoLAN
2009-10-31 20:41:26 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-10-31 20:11:22 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\uTorrent
2009-10-31 20:11:20 ----D---- C:\Program Files\uTorrent
2009-10-30 06:41:34 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-10-28 06:15:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2009-10-28 06:12:00 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-28 06:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-28 06:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-28 06:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-28 06:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-28 06:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-28 06:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-28 06:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-28 06:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-28 06:02:54 ----D---- C:\Program Files\Windows Live SkyDrive
2009-10-28 05:56:14 ----D---- C:\Program Files\Common Files\Windows Live
2009-10-28 05:55:44 ----D---- C:\WINDOWS\ie8updates
2009-10-28 05:54:37 ----D---- C:\Program Files\Microsoft
2009-10-28 05:42:59 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-10-28 05:39:13 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Mozilla
2009-10-28 05:38:26 ----D---- C:\Program Files\Axis Communications
2009-10-28 05:38:14 ----D---- C:\WINDOWS\Sun
2009-10-28 05:37:54 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Macromedia
2009-10-28 05:37:13 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Adobe
2009-10-28 05:36:00 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 1 months======

2009-11-27 19:11:58 ----D---- C:\WINDOWS\Prefetch
2009-11-27 19:11:52 ----D---- C:\WINDOWS\Temp
2009-11-27 19:11:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-27 19:11:50 ----D---- C:\Program Files\Mozilla Firefox
2009-11-27 19:08:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-27 19:08:11 ----D---- C:\WINDOWS\system32
2009-11-27 17:33:52 ----D---- C:\Program Files
2009-11-26 09:18:47 ----D---- C:\WINDOWS
2009-11-25 20:53:23 ----HD---- C:\WINDOWS\inf
2009-11-25 20:53:19 ----A---- C:\WINDOWS\imsins.BAK
2009-11-25 20:53:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-25 20:53:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-25 20:53:02 ----SHD---- C:\WINDOWS\Installer
2009-11-25 20:53:00 ----D---- C:\WINDOWS\WinSxS
2009-11-22 12:00:15 ----D---- C:\Program Files\Nero
2009-11-22 11:52:33 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-11-22 11:49:37 ----D---- C:\Program Files\Common Files
2009-11-15 19:32:55 ----SD---- C:\Documents and Settings\Rendszergazda\Application Data\Microsoft
2009-11-13 20:32:02 ----D---- C:\WINDOWS\Help
2009-11-12 22:55:18 ----A---- C:\WINDOWS\win.ini
2009-11-05 18:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-02 19:14:52 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-01 12:59:13 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Skype
2009-11-01 12:58:04 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-01 12:57:57 ----D---- C:\WINDOWS\twain_32
2009-11-01 12:57:57 ----D---- C:\WINDOWS\system32\drivers
2009-11-01 12:01:35 ----D---- C:\WINDOWS\Media
2009-11-01 09:58:17 ----D---- C:\Program Files\Common Files\Adobe
2009-11-01 09:57:34 ----RSD---- C:\WINDOWS\Fonts
2009-11-01 09:57:27 ----D---- C:\Program Files\Adobe
2009-11-01 09:54:10 ----D---- C:\Program Files\totalcmd
2009-10-31 20:41:27 ----D---- C:\WINDOWS\system32\DirectX
2009-10-28 16:07:15 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-10-28 06:41:51 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-28 06:41:46 ----RSD---- C:\WINDOWS\assembly
2009-10-28 06:27:54 ----SD---- C:\WINDOWS\Tasks
2009-10-28 06:20:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-28 06:16:44 ----D---- C:\Program Files\Internet Explorer
2009-10-28 06:02:59 ----D---- C:\Program Files\Windows Live
2009-10-28 05:54:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-28 05:54:06 ----D---- C:\WINDOWS\Registration
2009-10-28 05:43:57 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Winamp
2009-10-28 05:43:16 ----D---- C:\Program Files\Winamp
2009-10-28 05:38:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-28 05:37:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-28 05:36:10 ----SH---- C:\boot.ini
2009-10-28 05:36:09 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel processzor illesztőprogramja; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Billentyűzet HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-10-28 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-10-28 55656]
R3 Arp1394;1394 ARP ügyfélprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-10-29 3341824]
R3 HDAudBus;Microsoft UAA busz-illesztőprogram - High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-11-25 4952576]
R3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 hálózati illesztőprogram; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 usbehci;Microsoft USB 2.0 bővített állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-engedélyezett hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB univerzális állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-09-19 290432]
S3 CCDECODE;Feliratdekódoló; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink - Sink átalakító; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI kodek; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/videokapcsolat; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER osztály; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-képolvasó illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext kodek; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-10-28 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-10-28 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-10-29 585728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-27 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 yksvc;Marvell Yukon Service; ykx32mpcoinst,serviceStartProc []
S3 aspnet_state;ASP.NET-állapotszolgáltatás; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;A Windows Media Player hálózatmegosztási szolgáltatása; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-10 919040]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp portmegosztási szolgáltatás; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 19:13 on 27/11/2009 by Szépvölgyi Dezső (Administrator - Elevation successful)

========== filefind ==========

Searching for "pciide*"
C:\cmdcons\PCIIDE.SY_ --a--- 1695 bytes [12:51 17/08/2001] [12:51 17/08/2001] DD70748EDC4DB912A6603D87760EE322
C:\cmdcons\PCIIDEX.SY_ --a--- 13610 bytes [21:59 03/08/2004] [21:59 03/08/2004] 074806F8AC6493BFD75FE120D0D895C2
C:\Documents and Settings\Szépvölgyi Dezső\mentesrol\WINDOWS\system32\dllcache\pciide.sys --a--- 3328 bytes [15:56 24/06/2007] [18:10 26/10/2001] FBF3CC42488FD2CE49F9427240CD5809
C:\Documents and Settings\Szépvölgyi Dezső\mentesrol\WINDOWS\system32\dllcache\pciidex.sys --a--- 25088 bytes [15:56 24/06/2007] [20:59 03/08/2004] 520B91AB011456B940D9B05FC91108FF
C:\Documents and Settings\Szépvölgyi Dezső\mentesrol\WINDOWS\system32\drivers\pciide.sys --a--- 3328 bytes [15:57 24/06/2007] [18:10 26/10/2001] FBF3CC42488FD2CE49F9427240CD5809
C:\Documents and Settings\Szépvölgyi Dezső\mentesrol\WINDOWS\system32\drivers\pciidex.sys --a--- 25088 bytes [15:57 24/06/2007] [20:59 03/08/2004] 520B91AB011456B940D9B05FC91108FF
C:\Documents and Settings\Szépvölgyi Dezső\mentesrol\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\pciidex.sys --a--- 25088 bytes [15:58 24/06/2007] [20:59 03/08/2004] 520B91AB011456B940D9B05FC91108FF
C:\WINDOWS\$NtServicePackUninstall$\pciidex.sys -----c 25088 bytes [21:26 13/05/2009] [19:01 12/09/2005] 520B91AB011456B940D9B05FC91108FF
C:\WINDOWS\ServicePackFiles\i386\pciidex.sys ------ 24960 bytes [18:40 13/04/2008] [18:40 13/04/2008] 52E60F29221D0D1AC16737E8DBF7C3E9
C:\WINDOWS\system32\dllcache\pciide.sys --a--c 3328 bytes [19:01 12/09/2005] [19:10 26/10/2001] FBF3CC42488FD2CE49F9427240CD5809
C:\WINDOWS\system32\drivers\pciidex.sys --a--- 24960 bytes [19:01 12/09/2005] [18:40 13/04/2008] 52E60F29221D0D1AC16737E8DBF7C3E9

========== file ==========

C:\WINDOWS\system32\drivers\pciide.sys - Unable to find/read file.

-=End Of File=-

ok,csinald a systemlook programal amit irtam,

SÍROK nincs meg ez: c:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\pciide.sys.vir
ezen a gépen csak ez : C:\WINDOWS\system32\drivers\

katika.figyelmesen olvasd amit irok,,irtad hogy zuros napod volt,,es en irtam eztet

eztet megcsinaltad e???mert ezt a drivert nam latom
Felelly a kerdesemre,,es csinald meg eztet
ujbol futasd a systemlook programot es ted be a zold textet>amit ad ted ide

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 18:33 on 27/11/2009 by Szépvölgyi Dezső (Administrator - Elevation successful)

No Context: mb:filefind

No Context: pciide.sys

-=End Of File=-

kisst1985
Tolds le az OTMOVEIT3 programot>ted az asztalra>a baloldali ablakba masold be a piros textet es klik>MOVEIT>a gep restartol es adlogot >ted ide:
http://oldtimer.geekstogo.com/OTM.exe


Katika
IDE KLIKELJ
tolds le az asztalra>futasd >az ablakba masold be a piros textet>es klik<look<ad neked logot>ted ide

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

Kinyitod a Notepadot>Start>futatas>beirod notepad
Es bemasolod a piros textet

Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint....
A txt-hejetfajlnev beteszed eztett>tedide.bat<alatta bealitod >minden fajl<
legfelull>asztall i<klik gomb letenni
megtalalod az asztalon a tedide.bat ikont 2x raklikelsz>>ad az asztalra tedide.txt,,a tartalmat ide ted,

Kedves Stell! 2 napja írtam neked, de csak most olvastam, hogy sikerült is gyorsan válaszolnod! Szóval futattam az RSIT és bemásolom ide neked, amit a log jegyzettömbbe kirakott nekem. Az infoból sajnos véletlenül kiléptem és nem csinál újat helyett vmiért, hiába futtatom le újra. Amúgy a problémám annyi, hogy az Avira Antivir állandóan behozott egy Zwunzi nevű fájlt amire azt mondja, hogy egy troja, de hiába kattintottam rá, hogy akkor törölje, vagy helyezze karanténba nem csinálta meg, hanem időröl-időre újra felhozta. Nem tudom, mi ez a zwunzi a C:/Programfiles-ba találtam rá egy Zwunzi mappában volt benn egy exe egy, dll, és egy uninstall fájl. Unistallálni akkor nem engedte. Azért írok múltidőben, mert most, hogy az imént beléptem megint felhozta az Antivir, hogy a zwunzi.dll egy trója, de most sikerült kitörlönie, a megmaradt exe fájlt meg én töröltem sima shift del-el. Nem tudom, hogy ezzel jót csináltam e vagy rosszat, de most azóta nem jelzett a vírusírtó. Nem tudom, kell e most még valamit csinálnom.

Köszi a segítőkészséget!

Íme ezt írja a log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rendszergazda at 2009-11-27 17:43:15
Microsoft Windows XP Professional Szervizcsomag 3
System drive C: has 60 GB (73%) free of 82 GB
Total RAM: 2047 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:18, on 2009.11.27.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Rendszergazda\Asztal\RSIT.exe
C:\Program Files\HiJackThis\Rendszergazda.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Windows Live ID bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: t-com.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6656482531
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://mail.bekescsaba.hu:8080/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D872676F-6E21-426F-BD9F-D4DC1579B60B}: NameServer = 80.95.64.6 80.95.64.7
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
O23 - Service: Zwunzi Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Zwunzi\zwunzi127.exe

--
End of file - 7039 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{D75B0FF6-863A-466D-9D17-0EFEB3516C36}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-26 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-08-03 202080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID bejelentkezési segítség - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-27 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-08-03 1471832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-11-17 17676288]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-27 149280]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-03-23 1983816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-17 767312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Documents and Settings\Rendszergazda\Start Menu\Programs\Indítópult
t-com.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-29 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"ForceClassicControlPanel"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c982005-c2f9-11de-a126-0018f35bb33c}]
shell\AutoRun\command - E:\start.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a23f64fc-c6fe-11de-9b15-0018f35bb33c}]
shell\AutoRun\command - I:\6ruaqx.exe
shell\open\command - I:\6ruaqx.exe


======List of files/folders created in the last 1 months======

2009-11-27 17:23:10 ----D---- C:\rsit
2009-11-25 20:53:20 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 20:53:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-25 20:15:27 ----D---- C:\Program Files\HiJackThis
2009-11-22 13:08:50 ----D---- C:\Documents and Settings\All Users\Application Data\Zwunzi
2009-11-22 13:08:32 ----D---- C:\Program Files\Free Video To Audio Converter
2009-11-22 12:58:43 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-22 12:34:55 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\ABBYY
2009-11-22 12:30:08 ----D---- C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2009-11-22 12:05:47 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Nero
2009-11-22 11:49:37 ----D---- C:\Program Files\Common Files\Nero
2009-11-12 22:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-02 19:36:20 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Windows Search
2009-11-01 19:36:28 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\dvdcss
2009-11-01 12:57:57 ----D---- C:\WINDOWS\PixArt
2009-11-01 12:57:56 ----D---- C:\Program Files\Trust
2009-11-01 12:57:56 ----D---- C:\Program Files\Common Files\PCCamera
2009-11-01 12:53:08 ----A---- C:\WINDOWS\system32\PAStiSvc.exe
2009-11-01 12:53:02 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-11-01 12:51:29 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\ArcSoft
2009-11-01 12:50:56 ----D---- C:\Program Files\Common Files\ArcSoft
2009-11-01 12:50:39 ----A---- C:\WINDOWS\PCDLIB32.DLL
2009-11-01 12:50:35 ----D---- C:\Program Files\ArcSoft
2009-11-01 12:37:58 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-01 12:37:23 ----D---- C:\WINDOWS\Downloaded Installations
2009-11-01 12:37:22 ----D---- C:\Program Files\Common Files\InstallShield
2009-11-01 12:08:52 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonIJScan
2009-11-01 12:08:51 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Canon
2009-11-01 12:01:34 ----A---- C:\WINDOWS\system32\CNHMCA.dll
2009-11-01 12:01:34 ----A---- C:\WINDOWS\system32\CNC250U.dll
2009-11-01 12:01:34 ----A---- C:\WINDOWS\system32\CNC250L.dll
2009-11-01 12:01:34 ----A---- C:\WINDOWS\system32\CNC250I.dll
2009-11-01 12:01:34 ----A---- C:\WINDOWS\system32\CNC250C.dll
2009-11-01 12:01:18 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Canon Easy-WebPrint EX
2009-11-01 12:00:08 ----D---- C:\Program Files\Common Files\CANON
2009-11-01 11:57:30 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2009-11-01 11:57:23 ----A---- C:\WINDOWS\system32\CNMLM9W.DLL
2009-11-01 11:57:20 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2009-11-01 11:57:15 ----A---- C:\WINDOWS\system32\CNC250O.dll
2009-11-01 11:57:11 ----A---- C:\WINDOWS\system32\CNMIU9W.DLL
2009-11-01 11:57:04 ----HD---- C:\Program Files\CanonBJ
2009-11-01 11:55:09 ----D---- C:\Program Files\Canon
2009-11-01 10:42:05 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Jasc Software Inc
2009-11-01 09:58:30 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\AdobeUM
2009-11-01 09:48:41 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\GHISLER
2009-11-01 09:42:50 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\vlc
2009-11-01 09:41:51 ----D---- C:\Program Files\VideoLAN
2009-10-31 20:41:26 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-10-31 20:11:22 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\uTorrent
2009-10-31 20:11:20 ----D---- C:\Program Files\uTorrent
2009-10-30 06:41:34 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-10-28 06:15:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2009-10-28 06:12:00 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-28 06:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-28 06:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-28 06:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-28 06:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-28 06:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-28 06:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-28 06:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-28 06:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-28 06:02:54 ----D---- C:\Program Files\Windows Live SkyDrive
2009-10-28 05:56:14 ----D---- C:\Program Files\Common Files\Windows Live
2009-10-28 05:55:44 ----D---- C:\WINDOWS\ie8updates
2009-10-28 05:54:37 ----D---- C:\Program Files\Microsoft
2009-10-28 05:42:59 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-10-28 05:39:13 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Mozilla
2009-10-28 05:38:26 ----D---- C:\Program Files\Axis Communications
2009-10-28 05:38:14 ----D---- C:\WINDOWS\Sun
2009-10-28 05:37:54 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Macromedia
2009-10-28 05:37:13 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Adobe
2009-10-28 05:36:00 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 1 months======

2009-11-27 17:33:52 ----D---- C:\Program Files
2009-11-27 17:23:25 ----D---- C:\WINDOWS\Prefetch
2009-11-27 17:17:39 ----D---- C:\WINDOWS\Temp
2009-11-27 17:17:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-27 17:17:34 ----D---- C:\Program Files\Mozilla Firefox
2009-11-26 09:22:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-26 09:18:47 ----D---- C:\WINDOWS
2009-11-26 09:16:58 ----D---- C:\WINDOWS\system32
2009-11-25 20:53:23 ----HD---- C:\WINDOWS\inf
2009-11-25 20:53:19 ----A---- C:\WINDOWS\imsins.BAK
2009-11-25 20:53:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-25 20:53:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-25 20:53:02 ----SHD---- C:\WINDOWS\Installer
2009-11-25 20:53:00 ----D---- C:\WINDOWS\WinSxS
2009-11-22 12:00:15 ----D---- C:\Program Files\Nero
2009-11-22 11:52:33 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-11-22 11:49:37 ----D---- C:\Program Files\Common Files
2009-11-15 19:32:55 ----SD---- C:\Documents and Settings\Rendszergazda\Application Data\Microsoft
2009-11-13 20:32:02 ----D---- C:\WINDOWS\Help
2009-11-12 22:55:18 ----A---- C:\WINDOWS\win.ini
2009-11-05 18:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-02 19:14:52 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-01 12:59:13 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Skype
2009-11-01 12:58:04 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-01 12:57:57 ----D---- C:\WINDOWS\twain_32
2009-11-01 12:57:57 ----D---- C:\WINDOWS\system32\drivers
2009-11-01 12:01:35 ----D---- C:\WINDOWS\Media
2009-11-01 09:58:17 ----D---- C:\Program Files\Common Files\Adobe
2009-11-01 09:57:34 ----RSD---- C:\WINDOWS\Fonts
2009-11-01 09:57:27 ----D---- C:\Program Files\Adobe
2009-11-01 09:54:10 ----D---- C:\Program Files\totalcmd
2009-10-31 20:41:27 ----D---- C:\WINDOWS\system32\DirectX
2009-10-28 16:07:15 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-10-28 06:41:51 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-28 06:41:46 ----RSD---- C:\WINDOWS\assembly
2009-10-28 06:27:54 ----SD---- C:\WINDOWS\Tasks
2009-10-28 06:20:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-28 06:16:44 ----D---- C:\Program Files\Internet Explorer
2009-10-28 06:02:59 ----D---- C:\Program Files\Windows Live
2009-10-28 05:54:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-28 05:54:06 ----D---- C:\WINDOWS\Registration
2009-10-28 05:43:57 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Winamp
2009-10-28 05:43:16 ----D---- C:\Program Files\Winamp
2009-10-28 05:38:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-28 05:37:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-28 05:36:10 ----SH---- C:\boot.ini
2009-10-28 05:36:09 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel processzor illesztőprogramja; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Billentyűzet HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-10-28 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-10-28 55656]
R3 Arp1394;1394 ARP ügyfélprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-10-29 3341824]
R3 HDAudBus;Microsoft UAA busz-illesztőprogram - High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-11-25 4952576]
R3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 hálózati illesztőprogram; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 usbehci;Microsoft USB 2.0 bővített állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-engedélyezett hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB univerzális állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-09-19 290432]
S3 CCDECODE;Feliratdekódoló; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink - Sink átalakító; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI kodek; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/videokapcsolat; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER osztály; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-képolvasó illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext kodek; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-10-28 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-10-28 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-10-29 585728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-27 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 yksvc;Marvell Yukon Service; ykx32mpcoinst,serviceStartProc []
S2 Zwunzi Service;Zwunzi Service; C:\Documents and Settings\All Users\Application Data\Zwunzi\zwunzi127.exe [2009-11-12 58720]
S3 aspnet_state;ASP.NET-állapotszolgáltatás; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;A Windows Media Player hálózatmegosztási szolgáltatása; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-10 919040]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp portmegosztási szolgáltatás; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

egy üres log nyílt meg

modgreper zip ez jo enek hagy beket csak azt csinald ami irok
klik-start-klik_futatas>masold az ablakba ezta parancsot
cmd /c mbr.exe -t >log.txt&start log.txt
kinyilik a log.txt a tartalmat ted ide.

Az asztalon van az mbr.exe ikon, az mbt txt ikon, a modgreper zip, és a kicsomagolt modgreper.exe ikon és a modgreper.sys ikon, és a moda txt ikon...

klik-start-klik_futatas>masold az ablakba ezta parancsot
cmd /c mbr.exe -t >log.txt&start log.txt
kinyilik a log.txt a tartalmat ted ide.

majd megcsináltam a másikat is,arra pedig ismét ez jött le :
f8ac6000 : \SystemRoot\System32\Drivers\ParVdm.SYS
bffa0000 : \SystemRoot\System32\ATMFD.DLL
f8906000 : \SystemRoot\System32\Drivers\Msfs.SYS
f8c13000 : \SystemRoot\System32\Drivers\Null.SYS
f8a70000 : \SystemRoot\System32\Drivers\Fs_Rec.SYS
f8a3c000 : dmload.sys
804d7000 - 806edd00 : \WINDOWS\system32\ntoskrnl.exe
806ee000 - 8070e300 : \WINDOWS\system32\hal.dll
f8a36000 - f8a38000 : \WINDOWS\system32\KDCOM.DLL
f8946000 - f8949000 : \WINDOWS\system32\BOOTVID.dll
f84e7000 - f8515000 : ACPI.sys
f8a38000 - f8a3a000 : \WINDOWS\system32\DRIVERS\WMILIB.SYS
f84d6000 - f84e7000 : pci.sys
f8536000 - f8540000 : isapnp.sys
f8a3a000 - f8a3c000 : intelide.sys
f8546000 - f8551000 : MountMgr.sys
f84b7000 - f84d6000 : ftdisk.sys
f8491000 - f84b7000 : dmio.sys
f87be000 - f87c3000 : PartMgr.sys
f8556000 - f8563000 : VolSnap.sys
f8479000 - f8491000 : atapi.sys
f8566000 - f856f000 : disk.sys
f8576000 - f8583000 : \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
f8459000 - f8479000 : fltmgr.sys
f8447000 - f8459000 : sr.sys
f8586000 - f858f000 : PxHelp20.sys
f8430000 - f8447000 : KSecDD.sys
f83a3000 - f8430000 : Ntfs.sys
f8376000 - f83a3000 : NDIS.sys
f894a000 - f894e000 : vbtenum.sys
f835c000 - f8376000 : Mup.sys
f87c6000 - f87cd000 : BTHidMgr.sys
f8596000 - f85a1000 : agp440.sys
f87b6000 - f87bd000 : \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
f7a89000 - f7de9000 : \SystemRoot\system32\DRIVERS\nv4_mini.sys
f7e39000 - f7e43000 : \SystemRoot\system32\DRIVERS\intelppm.sys
f7a75000 - f7a89000 : \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
f88a6000 - f88ac000 : \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys
f887e000 - f8884000 : \SystemRoot\system32\DRIVERS\usbuhci.sys
f8686000 - f868f000 : \SystemRoot\system32\DRIVERS\netbios.sys
f7e09000 - f7e14000 : \SystemRoot\system32\DRIVERS\imapi.sys
f55b3000 - f55d5000 : \SystemRoot\System32\drivers\afd.sys
bf9d6000 - bfd9c000 : \SystemRoot\System32\nv4_disp.dll
f55d5000 - f55fd000 : \SystemRoot\system32\DRIVERS\netbt.sys
f5704000 - f5707000 : \SystemRoot\System32\drivers\Dxapi.sys
f8676000 - f867f000 : \SystemRoot\system32\DRIVERS\msgpc.sys
f5588000 - f55b3000 : \SystemRoot\system32\DRIVERS\rdbss.sys
f5656000 - f5669000 : \SystemRoot\system32\DRIVERS\ipsec.sys
f55fd000 - f5656000 : \SystemRoot\system32\DRIVERS\tcpip.sys
f88fe000 - f8904000 : \SystemRoot\System32\drivers\vga.sys
f890e000 - f8916000 : \SystemRoot\System32\Drivers\Npfs.SYS
f79ef000 - f7a12000 : \SystemRoot\system32\DRIVERS\ks.sys
f54f2000 - f5518000 : \SystemRoot\system32\DRIVERS\ipnat.sys
f79af000 - f79ef000 : \SystemRoot\system32\drivers\smwdm.sys
f86e6000 - f86f6000 : \SystemRoot\System32\Drivers\Cdfs.SYS
f85f6000 - f8605000 : \SystemRoot\system32\drivers\drmk.sys
f8a74000 - f8a76000 : \SystemRoot\System32\Drivers\mnmdd.SYS
f7df9000 - f7e09000 : \SystemRoot\system32\DRIVERS\cdrom.sys
f8696000 - f86a1000 : \SystemRoot\System32\Drivers\Fips.SYS
f889e000 - f88a5000 : \SystemRoot\system32\DRIVERS\blueletaudio.sys
f88ae000 - f88b6000 : \SystemRoot\System32\Drivers\Modem.SYS
f88be000 - f88c3000 : \SystemRoot\system32\DRIVERS\TDI.SYS
f88d6000 - f88dd000 : \SystemRoot\system32\DRIVERS\VComm.sys
f789e000 - f78ce000 : \SystemRoot\system32\DRIVERS\rdpdr.sys
f8a7a000 - f8a7c000 : \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
f8a6c000 - f8a6e000 : \SystemRoot\system32\DRIVERS\USBD.SYS
f7a51000 - f7a75000 : \SystemRoot\system32\DRIVERS\USBPORT.SYS
f798b000 - f79af000 : \SystemRoot\system32\drivers\portcls.sys
f8a72000 - f8a74000 : \SystemRoot\System32\Drivers\Beep.SYS
f8c45000 - f8c46000 : \SystemRoot\system32\DRIVERS\audstub.sys
f8a66000 - f8a68000 : \SystemRoot\System32\Drivers\RootMdm.sys
f8606000 - f8610000 : \SystemRoot\System32\Drivers\VcommMgr.sys
f796b000 - f798b000 : \SystemRoot\system32\drivers\aeaudio.sys
f7e29000 - f7e36000 : \SystemRoot\system32\DRIVERS\i8042prt.sys
f888e000 - f8895000 : \SystemRoot\system32\DRIVERS\kbdclass.sys
f8a0e000 - f8a12000 : \SystemRoot\system32\DRIVERS\serenum.sys
f7a12000 - f7a26000 : \SystemRoot\system32\DRIVERS\parport.sys
f7e19000 - f7e29000 : \SystemRoot\system32\DRIVERS\serial.sys
b98b0000 - b98f1000 : \SystemRoot\System32\Drivers\HTTP.sys
f8886000 - f888e000 : \SystemRoot\system32\DRIVERS\usbehci.sys
f7de9000 - f7df8000 : \SystemRoot\system32\DRIVERS\redbook.sys
f790d000 - f796b000 : \SystemRoot\system32\drivers\senfilt.sys
f7a26000 - f7a51000 : \SystemRoot\system32\DRIVERS\e1000325.sys
f8896000 - f889c000 : \SystemRoot\system32\DRIVERS\mouclass.sys
f88b6000 - f88bb000 : \SystemRoot\system32\DRIVERS\rasirda.sys
f8616000 - f8623000 : \SystemRoot\system32\DRIVERS\rasl2tp.sys
f78f6000 - f790d000 : \SystemRoot\system32\DRIVERS\ndiswan.sys
f8636000 - f8642000 : \SystemRoot\system32\DRIVERS\raspptp.sys
f88c6000 - f88cb000 : \SystemRoot\system32\DRIVERS\ptilink.sys
f88ce000 - f88d3000 : \SystemRoot\system32\DRIVERS\raspti.sys
f8a1e000 - f8a21000 : \SystemRoot\system32\DRIVERS\btnetdrv.sys
bac6e000 - bac84000 : \SystemRoot\system32\DRIVERS\irda.sys
f8a1a000 - f8a1d000 : \SystemRoot\system32\DRIVERS\ndistapi.sys
f7840000 - f789e000 : \SystemRoot\system32\DRIVERS\update.sys
f8626000 - f8631000 : \SystemRoot\system32\DRIVERS\raspppoe.sys
f8a32000 - f8a36000 : \SystemRoot\system32\DRIVERS\mssmbios.sys
f8a68000 - f8a6a000 : \SystemRoot\system32\DRIVERS\swenum.sys
f8646000 - f8650000 : \SystemRoot\system32\DRIVERS\termdd.sys
ba0f8000 - ba125000 : \SystemRoot\system32\DRIVERS\mrxdav.sys
? f4ba5000 - f4bbd000 : \SystemRoot\System32\Drivers\dump_atapi.sys
acd63000 - acd8e000 : \SystemRoot\system32\drivers\kmixer.sys
? f8a7e000 - f8a80000 : \SystemRoot\System32\Drivers\dump_WMILIB.SYS
b9d29000 - b9d7b000 : \SystemRoot\system32\DRIVERS\srv.sys
f7e79000 - f7e88000 : \SystemRoot\system32\drivers\sysaudio.sys
ba251000 - ba266000 : \SystemRoot\system32\drivers\wdmaud.sys
bad18000 - bad1c000 : \SystemRoot\system32\DRIVERS\ndisuio.sys
bacfc000 - bad10000 : \SystemRoot\system32\DRIVERS\avgntflt.sys
f891e000 - f8924000 : \SystemRoot\system32\DRIVERS\ssmdrv.sys
f5518000 - f5588000 : \SystemRoot\system32\DRIVERS\mrxsmb.sys
f8656000 - f8660000 : \SystemRoot\System32\Drivers\NDProxy.SYS
f78ee000 - f78f1000 : \SystemRoot\system32\DRIVERS\rasacd.sys
f86a6000 - f86af000 : \SystemRoot\system32\DRIVERS\wanarp.sys
f4bed000 - f4bf9000 : \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
f54ae000 - f54ca000 : \SystemRoot\system32\DRIVERS\avipbb.sys
f8c20000 - f8c21000 : \??\C:\WINDOWS\system32\drivers\aslm75.sys
f4c5d000 - f54ae000 : \SystemRoot\system32\DRIVERS\snpstd3.sys
f86d6000 - f86e3000 : \SystemRoot\system32\DRIVERS\STREAM.SYS
f8666000 - f8675000 : \SystemRoot\system32\DRIVERS\usbhub.sys
f56b1000 - f56d0000 : \SystemRoot\System32\DRIVERS\cmdguard.sys
f8926000 - f892b000 : \SystemRoot\System32\watchdog.sys
f8916000 - f891b000 : \SystemRoot\System32\DRIVERS\cmdhlp.sys
f8a76000 - f8a78000 : \SystemRoot\System32\DRIVERS\RDPCDD.sys
f8c55000 - f8c56000 : \SystemRoot\System32\drivers\dxgthk.sys
bf9c4000 - bf9d6000 : \SystemRoot\System32\drivers\dxg.sys
bf800000 - bf9c4000 : \SystemRoot\System32\win32k.sys
f87fe000 - f8803000 : \??\C:\Documents and Settings\Szépvölgyi Dezső\Asztal\modgreper.sys
? f8866000 - f886c000 : \??\C:\DOCUME~1\SZPVLG~1\LOCALS~1\Temp\mbr.sys

Megcsináltam most is úgy ahogy mondtad... Letöltöttem ezt : http://www2.gmer.net/mbr/mbr.exe Majd beírom azt amit írtál, de nekem csak ezt adja ki a txt-re
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

hn
klik-start-klik_futatas>masold az ablakba ezta parancsot
cmd /c mbr.exe -t >log.txt&start log.txt
amit ad ted ide,

Eztet nemcsinaltad ugy ahogy leirtam,,olvasd megegyszer el hogy mit irtam

Igyekezek...
Ez az MBR
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Ez a MODA

f8ac6000 : \SystemRoot\System32\Drivers\ParVdm.SYS
bffa0000 : \SystemRoot\System32\ATMFD.DLL
f8906000 : \SystemRoot\System32\Drivers\Msfs.SYS
f8c13000 : \SystemRoot\System32\Drivers\Null.SYS
f8a70000 : \SystemRoot\System32\Drivers\Fs_Rec.SYS
f8a3c000 : dmload.sys
804d7000 - 806edd00 : \WINDOWS\system32\ntoskrnl.exe
806ee000 - 8070e300 : \WINDOWS\system32\hal.dll
f8a36000 - f8a38000 : \WINDOWS\system32\KDCOM.DLL
f8946000 - f8949000 : \WINDOWS\system32\BOOTVID.dll
f84e7000 - f8515000 : ACPI.sys
f8a38000 - f8a3a000 : \WINDOWS\system32\DRIVERS\WMILIB.SYS
f84d6000 - f84e7000 : pci.sys
f8536000 - f8540000 : isapnp.sys
f8a3a000 - f8a3c000 : intelide.sys
f8546000 - f8551000 : MountMgr.sys
f84b7000 - f84d6000 : ftdisk.sys
f8491000 - f84b7000 : dmio.sys
f87be000 - f87c3000 : PartMgr.sys
f8556000 - f8563000 : VolSnap.sys
f8479000 - f8491000 : atapi.sys
f8566000 - f856f000 : disk.sys
f8576000 - f8583000 : \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
f8459000 - f8479000 : fltmgr.sys
f8447000 - f8459000 : sr.sys
f8586000 - f858f000 : PxHelp20.sys
f8430000 - f8447000 : KSecDD.sys
f83a3000 - f8430000 : Ntfs.sys
f8376000 - f83a3000 : NDIS.sys
f894a000 - f894e000 : vbtenum.sys
f835c000 - f8376000 : Mup.sys
f87c6000 - f87cd000 : BTHidMgr.sys
f8596000 - f85a1000 : agp440.sys
f87b6000 - f87bd000 : \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
f7a89000 - f7de9000 : \SystemRoot\system32\DRIVERS\nv4_mini.sys
f7e39000 - f7e43000 : \SystemRoot\system32\DRIVERS\intelppm.sys
f7a75000 - f7a89000 : \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
f88a6000 - f88ac000 : \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys
f887e000 - f8884000 : \SystemRoot\system32\DRIVERS\usbuhci.sys
f8686000 - f868f000 : \SystemRoot\system32\DRIVERS\netbios.sys
f7e09000 - f7e14000 : \SystemRoot\system32\DRIVERS\imapi.sys
f55b3000 - f55d5000 : \SystemRoot\System32\drivers\afd.sys
bf9d6000 - bfd9c000 : \SystemRoot\System32\nv4_disp.dll
f55d5000 - f55fd000 : \SystemRoot\system32\DRIVERS\netbt.sys
f5704000 - f5707000 : \SystemRoot\System32\drivers\Dxapi.sys
f8676000 - f867f000 : \SystemRoot\system32\DRIVERS\msgpc.sys
f5588000 - f55b3000 : \SystemRoot\system32\DRIVERS\rdbss.sys
f5656000 - f5669000 : \SystemRoot\system32\DRIVERS\ipsec.sys
f55fd000 - f5656000 : \SystemRoot\system32\DRIVERS\tcpip.sys
f88fe000 - f8904000 : \SystemRoot\System32\drivers\vga.sys
f890e000 - f8916000 : \SystemRoot\System32\Drivers\Npfs.SYS
f79ef000 - f7a12000 : \SystemRoot\system32\DRIVERS\ks.sys
f54f2000 - f5518000 : \SystemRoot\system32\DRIVERS\ipnat.sys
f79af000 - f79ef000 : \SystemRoot\system32\drivers\smwdm.sys
f86e6000 - f86f6000 : \SystemRoot\System32\Drivers\Cdfs.SYS
f85f6000 - f8605000 : \SystemRoot\system32\drivers\drmk.sys
f8a74000 - f8a76000 : \SystemRoot\System32\Drivers\mnmdd.SYS
f7df9000 - f7e09000 : \SystemRoot\system32\DRIVERS\cdrom.sys
f8696000 - f86a1000 : \SystemRoot\System32\Drivers\Fips.SYS
f889e000 - f88a5000 : \SystemRoot\system32\DRIVERS\blueletaudio.sys
f88ae000 - f88b6000 : \SystemRoot\System32\Drivers\Modem.SYS
f88be000 - f88c3000 : \SystemRoot\system32\DRIVERS\TDI.SYS
f88d6000 - f88dd000 : \SystemRoot\system32\DRIVERS\VComm.sys
f789e000 - f78ce000 : \SystemRoot\system32\DRIVERS\rdpdr.sys
f8a7a000 - f8a7c000 : \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
f8a6c000 - f8a6e000 : \SystemRoot\system32\DRIVERS\USBD.SYS
f7a51000 - f7a75000 : \SystemRoot\system32\DRIVERS\USBPORT.SYS
f798b000 - f79af000 : \SystemRoot\system32\drivers\portcls.sys
f8a72000 - f8a74000 : \SystemRoot\System32\Drivers\Beep.SYS
f8c45000 - f8c46000 : \SystemRoot\system32\DRIVERS\audstub.sys
f8a66000 - f8a68000 : \SystemRoot\System32\Drivers\RootMdm.sys
f8606000 - f8610000 : \SystemRoot\System32\Drivers\VcommMgr.sys
f796b000 - f798b000 : \SystemRoot\system32\drivers\aeaudio.sys
f7e29000 - f7e36000 : \SystemRoot\system32\DRIVERS\i8042prt.sys
f888e000 - f8895000 : \SystemRoot\system32\DRIVERS\kbdclass.sys
f8a0e000 - f8a12000 : \SystemRoot\system32\DRIVERS\serenum.sys
f7a12000 - f7a26000 : \SystemRoot\system32\DRIVERS\parport.sys
f7e19000 - f7e29000 : \SystemRoot\system32\DRIVERS\serial.sys
b98b0000 - b98f1000 : \SystemRoot\System32\Drivers\HTTP.sys
f8886000 - f888e000 : \SystemRoot\system32\DRIVERS\usbehci.sys
f7de9000 - f7df8000 : \SystemRoot\system32\DRIVERS\redbook.sys
f790d000 - f796b000 : \SystemRoot\system32\drivers\senfilt.sys
f7a26000 - f7a51000 : \SystemRoot\system32\DRIVERS\e1000325.sys
f8896000 - f889c000 : \SystemRoot\system32\DRIVERS\mouclass.sys
f88b6000 - f88bb000 : \SystemRoot\system32\DRIVERS\rasirda.sys
f8616000 - f8623000 : \SystemRoot\system32\DRIVERS\rasl2tp.sys
f78f6000 - f790d000 : \SystemRoot\system32\DRIVERS\ndiswan.sys
f8636000 - f8642000 : \SystemRoot\system32\DRIVERS\raspptp.sys
f88c6000 - f88cb000 : \SystemRoot\system32\DRIVERS\ptilink.sys
f88ce000 - f88d3000 : \SystemRoot\system32\DRIVERS\raspti.sys
f8a1e000 - f8a21000 : \SystemRoot\system32\DRIVERS\btnetdrv.sys
bac6e000 - bac84000 : \SystemRoot\system32\DRIVERS\irda.sys
f8a1a000 - f8a1d000 : \SystemRoot\system32\DRIVERS\ndistapi.sys
f7840000 - f789e000 : \SystemRoot\system32\DRIVERS\update.sys
f8626000 - f8631000 : \SystemRoot\system32\DRIVERS\raspppoe.sys
f8a32000 - f8a36000 : \SystemRoot\system32\DRIVERS\mssmbios.sys
f8a68000 - f8a6a000 : \SystemRoot\system32\DRIVERS\swenum.sys
f8646000 - f8650000 : \SystemRoot\system32\DRIVERS\termdd.sys
ba0f8000 - ba125000 : \SystemRoot\system32\DRIVERS\mrxdav.sys
? f4ba5000 - f4bbd000 : \SystemRoot\System32\Drivers\dump_atapi.sys
b8444000 - b846f000 : \SystemRoot\system32\drivers\kmixer.sys
? f8a7e000 - f8a80000 : \SystemRoot\System32\Drivers\dump_WMILIB.SYS
b9d29000 - b9d7b000 : \SystemRoot\system32\DRIVERS\srv.sys
f7e79000 - f7e88000 : \SystemRoot\system32\drivers\sysaudio.sys
ba251000 - ba266000 : \SystemRoot\system32\drivers\wdmaud.sys
bad18000 - bad1c000 : \SystemRoot\system32\DRIVERS\ndisuio.sys
bacfc000 - bad10000 : \SystemRoot\system32\DRIVERS\avgntflt.sys
f891e000 - f8924000 : \SystemRoot\system32\DRIVERS\ssmdrv.sys
f5518000 - f5588000 : \SystemRoot\system32\DRIVERS\mrxsmb.sys
f8656000 - f8660000 : \SystemRoot\System32\Drivers\NDProxy.SYS
f78ee000 - f78f1000 : \SystemRoot\system32\DRIVERS\rasacd.sys
f86a6000 - f86af000 : \SystemRoot\system32\DRIVERS\wanarp.sys
f4bed000 - f4bf9000 : \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
f54ae000 - f54ca000 : \SystemRoot\system32\DRIVERS\avipbb.sys
f8c20000 - f8c21000 : \??\C:\WINDOWS\system32\drivers\aslm75.sys
f4c5d000 - f54ae000 : \SystemRoot\system32\DRIVERS\snpstd3.sys
f86d6000 - f86e3000 : \SystemRoot\system32\DRIVERS\STREAM.SYS
f8666000 - f8675000 : \SystemRoot\system32\DRIVERS\usbhub.sys
f56b1000 - f56d0000 : \SystemRoot\System32\DRIVERS\cmdguard.sys
f8926000 - f892b000 : \SystemRoot\System32\watchdog.sys
f8916000 - f891b000 : \SystemRoot\System32\DRIVERS\cmdhlp.sys
f8a76000 - f8a78000 : \SystemRoot\System32\DRIVERS\RDPCDD.sys
f8c55000 - f8c56000 : \SystemRoot\System32\drivers\dxgthk.sys
bf9c4000 - bf9d6000 : \SystemRoot\System32\drivers\dxg.sys
bf800000 - bf9c4000 : \SystemRoot\System32\win32k.sys
f87e6000 - f87eb000 : \??\C:\Documents and Settings\Szépvölgyi Dezső\Asztal\modgreper.sys
? f8866000 - f886c000 : \??\C:\DOCUME~1\SZPVLG~1\LOCALS~1\Temp\mbr.sys

legy szives olvasd figyelmesen amit irok,hogy nekellyen mindent duplan irnom,,
csinald meg az elso lepest is amit irtam,a mbr.exe programal,

f8ac6000 : \SystemRoot\System32\Drivers\ParVdm.SYS
bffa0000 : \SystemRoot\System32\ATMFD.DLL
f8906000 : \SystemRoot\System32\Drivers\Msfs.SYS
f8c13000 : \SystemRoot\System32\Drivers\Null.SYS
f8a70000 : \SystemRoot\System32\Drivers\Fs_Rec.SYS
f8a3c000 : dmload.sys
804d7000 - 806edd00 : \WINDOWS\system32\ntoskrnl.exe
806ee000 - 8070e300 : \WINDOWS\system32\hal.dll
f8a36000 - f8a38000 : \WINDOWS\system32\KDCOM.DLL
f8946000 - f8949000 : \WINDOWS\system32\BOOTVID.dll
f84e7000 - f8515000 : ACPI.sys
f8a38000 - f8a3a000 : \WINDOWS\system32\DRIVERS\WMILIB.SYS
f84d6000 - f84e7000 : pci.sys
f8536000 - f8540000 : isapnp.sys
f8a3a000 - f8a3c000 : intelide.sys
f8546000 - f8551000 : MountMgr.sys
f84b7000 - f84d6000 : ftdisk.sys
f8491000 - f84b7000 : dmio.sys
f87be000 - f87c3000 : PartMgr.sys
f8556000 - f8563000 : VolSnap.sys
f8479000 - f8491000 : atapi.sys
f8566000 - f856f000 : disk.sys
f8576000 - f8583000 : \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
f8459000 - f8479000 : fltmgr.sys
f8447000 - f8459000 : sr.sys
f8586000 - f858f000 : PxHelp20.sys
f8430000 - f8447000 : KSecDD.sys
f83a3000 - f8430000 : Ntfs.sys
f8376000 - f83a3000 : NDIS.sys
f894a000 - f894e000 : vbtenum.sys
f835c000 - f8376000 : Mup.sys
f87c6000 - f87cd000 : BTHidMgr.sys
f8596000 - f85a1000 : agp440.sys
f87b6000 - f87bd000 : \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
f7a89000 - f7de9000 : \SystemRoot\system32\DRIVERS\nv4_mini.sys
f7e39000 - f7e43000 : \SystemRoot\system32\DRIVERS\intelppm.sys
f7a75000 - f7a89000 : \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
f88a6000 - f88ac000 : \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys
f887e000 - f8884000 : \SystemRoot\system32\DRIVERS\usbuhci.sys
f8686000 - f868f000 : \SystemRoot\system32\DRIVERS\netbios.sys
f7e09000 - f7e14000 : \SystemRoot\system32\DRIVERS\imapi.sys
f55b3000 - f55d5000 : \SystemRoot\System32\drivers\afd.sys
bf9d6000 - bfd9c000 : \SystemRoot\System32\nv4_disp.dll
f55d5000 - f55fd000 : \SystemRoot\system32\DRIVERS\netbt.sys
f5704000 - f5707000 : \SystemRoot\System32\drivers\Dxapi.sys
f8676000 - f867f000 : \SystemRoot\system32\DRIVERS\msgpc.sys
f5588000 - f55b3000 : \SystemRoot\system32\DRIVERS\rdbss.sys
f5656000 - f5669000 : \SystemRoot\system32\DRIVERS\ipsec.sys
f55fd000 - f5656000 : \SystemRoot\system32\DRIVERS\tcpip.sys
f88fe000 - f8904000 : \SystemRoot\System32\drivers\vga.sys
f890e000 - f8916000 : \SystemRoot\System32\Drivers\Npfs.SYS
f79ef000 - f7a12000 : \SystemRoot\system32\DRIVERS\ks.sys
f54f2000 - f5518000 : \SystemRoot\system32\DRIVERS\ipnat.sys
f79af000 - f79ef000 : \SystemRoot\system32\drivers\smwdm.sys
f86e6000 - f86f6000 : \SystemRoot\System32\Drivers\Cdfs.SYS
f85f6000 - f8605000 : \SystemRoot\system32\drivers\drmk.sys
f8a74000 - f8a76000 : \SystemRoot\System32\Drivers\mnmdd.SYS
f7df9000 - f7e09000 : \SystemRoot\system32\DRIVERS\cdrom.sys
f8696000 - f86a1000 : \SystemRoot\System32\Drivers\Fips.SYS
f889e000 - f88a5000 : \SystemRoot\system32\DRIVERS\blueletaudio.sys
f88ae000 - f88b6000 : \SystemRoot\System32\Drivers\Modem.SYS
f88be000 - f88c3000 : \SystemRoot\system32\DRIVERS\TDI.SYS
f88d6000 - f88dd000 : \SystemRoot\system32\DRIVERS\VComm.sys
f789e000 - f78ce000 : \SystemRoot\system32\DRIVERS\rdpdr.sys
f8a7a000 - f8a7c000 : \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
f8a6c000 - f8a6e000 : \SystemRoot\system32\DRIVERS\USBD.SYS
f7a51000 - f7a75000 : \SystemRoot\system32\DRIVERS\USBPORT.SYS
f798b000 - f79af000 : \SystemRoot\system32\drivers\portcls.sys
f8a72000 - f8a74000 : \SystemRoot\System32\Drivers\Beep.SYS
f8c45000 - f8c46000 : \SystemRoot\system32\DRIVERS\audstub.sys
f8a66000 - f8a68000 : \SystemRoot\System32\Drivers\RootMdm.sys
f8606000 - f8610000 : \SystemRoot\System32\Drivers\VcommMgr.sys
f796b000 - f798b000 : \SystemRoot\system32\drivers\aeaudio.sys
f7e29000 - f7e36000 : \SystemRoot\system32\DRIVERS\i8042prt.sys
f888e000 - f8895000 : \SystemRoot\system32\DRIVERS\kbdclass.sys
f8a0e000 - f8a12000 : \SystemRoot\system32\DRIVERS\serenum.sys
f7a12000 - f7a26000 : \SystemRoot\system32\DRIVERS\parport.sys
f7e19000 - f7e29000 : \SystemRoot\system32\DRIVERS\serial.sys
b98b0000 - b98f1000 : \SystemRoot\System32\Drivers\HTTP.sys
f8886000 - f888e000 : \SystemRoot\system32\DRIVERS\usbehci.sys
f7de9000 - f7df8000 : \SystemRoot\system32\DRIVERS\redbook.sys
f790d000 - f796b000 : \SystemRoot\system32\drivers\senfilt.sys
f7a26000 - f7a51000 : \SystemRoot\system32\DRIVERS\e1000325.sys
f8896000 - f889c000 : \SystemRoot\system32\DRIVERS\mouclass.sys
f88b6000 - f88bb000 : \SystemRoot\system32\DRIVERS\rasirda.sys
f8616000 - f8623000 : \SystemRoot\system32\DRIVERS\rasl2tp.sys
f78f6000 - f790d000 : \SystemRoot\system32\DRIVERS\ndiswan.sys
f8636000 - f8642000 : \SystemRoot\system32\DRIVERS\raspptp.sys
f88c6000 - f88cb000 : \SystemRoot\system32\DRIVERS\ptilink.sys
f88ce000 - f88d3000 : \SystemRoot\system32\DRIVERS\raspti.sys
f8a1e000 - f8a21000 : \SystemRoot\system32\DRIVERS\btnetdrv.sys
bac6e000 - bac84000 : \SystemRoot\system32\DRIVERS\irda.sys
f8a1a000 - f8a1d000 : \SystemRoot\system32\DRIVERS\ndistapi.sys
f7840000 - f789e000 : \SystemRoot\system32\DRIVERS\update.sys
f8626000 - f8631000 : \SystemRoot\system32\DRIVERS\raspppoe.sys
f8a32000 - f8a36000 : \SystemRoot\system32\DRIVERS\mssmbios.sys
f8a68000 - f8a6a000 : \SystemRoot\system32\DRIVERS\swenum.sys
f8646000 - f8650000 : \SystemRoot\system32\DRIVERS\termdd.sys
ba0f8000 - ba125000 : \SystemRoot\system32\DRIVERS\mrxdav.sys
? f4ba5000 - f4bbd000 : \SystemRoot\System32\Drivers\dump_atapi.sys
b8444000 - b846f000 : \SystemRoot\system32\drivers\kmixer.sys
? f8a7e000 - f8a80000 : \SystemRoot\System32\Drivers\dump_WMILIB.SYS
b9d29000 - b9d7b000 : \SystemRoot\system32\DRIVERS\srv.sys
f7e79000 - f7e88000 : \SystemRoot\system32\drivers\sysaudio.sys
ba251000 - ba266000 : \SystemRoot\system32\drivers\wdmaud.sys
bad18000 - bad1c000 : \SystemRoot\system32\DRIVERS\ndisuio.sys
bacfc000 - bad10000 : \SystemRoot\system32\DRIVERS\avgntflt.sys
f891e000 - f8924000 : \SystemRoot\system32\DRIVERS\ssmdrv.sys
f5518000 - f5588000 : \SystemRoot\system32\DRIVERS\mrxsmb.sys
f8656000 - f8660000 : \SystemRoot\System32\Drivers\NDProxy.SYS
f78ee000 - f78f1000 : \SystemRoot\system32\DRIVERS\rasacd.sys
f86a6000 - f86af000 : \SystemRoot\system32\DRIVERS\wanarp.sys
f4bed000 - f4bf9000 : \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
f54ae000 - f54ca000 : \SystemRoot\system32\DRIVERS\avipbb.sys
f8c20000 - f8c21000 : \??\C:\WINDOWS\system32\drivers\aslm75.sys
f4c5d000 - f54ae000 : \SystemRoot\system32\DRIVERS\snpstd3.sys
f86d6000 - f86e3000 : \SystemRoot\system32\DRIVERS\STREAM.SYS
f8666000 - f8675000 : \SystemRoot\system32\DRIVERS\usbhub.sys
f56b1000 - f56d0000 : \SystemRoot\System32\DRIVERS\cmdguard.sys
f8926000 - f892b000 : \SystemRoot\System32\watchdog.sys
f8916000 - f891b000 : \SystemRoot\System32\DRIVERS\cmdhlp.sys
f8a76000 - f8a78000 : \SystemRoot\System32\DRIVERS\RDPCDD.sys
f8c55000 - f8c56000 : \SystemRoot\System32\drivers\dxgthk.sys
bf9c4000 - bf9d6000 : \SystemRoot\System32\drivers\dxg.sys
bf800000 - bf9c4000 : \SystemRoot\System32\win32k.sys
f8876000 - f887b000 : \??\C:\Documents and Settings\Szépvölgyi Dezső\Asztal\modgreper.sys
? f8866000 - f886c000 : \??\C:\DOCUME~1\SZPVLG~1\LOCALS~1\Temp\mbr.sys

http://www2.gmer.net/mbr/mbr.exe
tolds le tes az asztalra
start>futatas>masold be ezt a parancsot
"%userprofile%\asztal\mbr" -t [enter]
rogton ad logot az asztalra,mbr.txt>>ted ide

[/b]

Szia Stell! Hát megint itt lennék, eltelt pár nap-igaz nem néztem a gépre, be se kapcsoltam-, de a probléma még mindig fenn áll, ez a ki-be kapcsolás.. Jó párszor ki-be kapcsol úgy hogy még a Windows XP logóig el se jutunk, majd a több próbálkozás után, mikor rákattintok a felhasználóra és belépek az XP-be, pár másodperc, majd amikor megjelenik az Avira ablaka, újra kikapcsol és elindul.... Sokadik próbálkozásra tudok csak belépni.... Tudsz segíteni még?? Köszi, és bocsi

udv
legy szives ted ide az RSIT loglyat
http://images.malwareremoval.com/random/RSIT.exe
az asztalra teszed>>futatod>klik>continue>ad 2-logot>>log ,txt az asztalon lesz es info.txt a talcan lesz ted ide es ird le hogy mi a problem,

Kedves Stell!

Nagyon ajánlottak téged, remélem tudsz segíteni. Másolom a Hijackes jegyzet tömböt. Vess rá egy pillantást légyszíves, ha van rá időd. Előre is köszi. Kiss Tom

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:40, on 2009.11.25.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\All Users\Application Data\Zwunzi\zwunzi127.exe
C:\Program Files\Zwunzi\zwunzi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Windows Live ID bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: t-com.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6656482531
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://mail.bekescsaba.hu:8080/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D872676F-6E21-426F-BD9F-D4DC1579B60B}: NameServer = 80.95.64.200 80.95.64.201
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
O23 - Service: Zwunzi Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Zwunzi\zwunzi127.exe

--
End of file - 7160 bytes

Kedves Stell!

Nagyon ajánlottak téged, remélem tudsz segíteni. Másolom a Hijackes jegyzet tömböt. Vess rá egy pillantást légyszíves, ha van rá időd. Előre is köszi. Kiss Tom

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:40, on 2009.11.25.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\All Users\Application Data\Zwunzi\zwunzi127.exe
C:\Program Files\Zwunzi\zwunzi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Windows Live ID bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: t-com.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6656482531
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://mail.bekescsaba.hu:8080/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D872676F-6E21-426F-BD9F-D4DC1579B60B}: NameServer = 80.95.64.200 80.95.64.201
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
O23 - Service: Zwunzi Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Zwunzi\zwunzi127.exe

--
End of file - 7160 bytes

Ez az 50-ik lap kezd baromi nagy lenni. Nem vált a Fórum motor.
Mégiscsak azt kellene csinálni, amit hannibal javasolt: a topikot lezárni, és azonos néven újranyitni. Onnantól legalább nem lenne hiba.

Ugyanezt kellene tenni a stell, help me topikkal is.

igen a combofixnek hibaja volt es kitorolte a drivert aztan a gepcsak korbe ,korbe restartolt,,de mar jo es mar mukszik a win7-is
De ugy ahogy mar valahova irtam a combofixet nemajalatos hoza nemertoknek futatni mert komoly gondog lehetnek a rendszerel,a combofixhez mar tobb parancs van mint a windowshoz,,es mindig kezel is kel kiirtani a trojakat a gepbol,mert mindig jonek az uj rootkitek,pldaul a Tdl3<nez utana meglatod hogy milyen betyar rootkit,,meg roszab mint a mebroot,

Igen vannak ilyenek is hogy HW -hiba
nincsen mitt
udv

Kösz stell!

Szülőkhöz azóta még nem jutottam el, valamelyik nap megnézem majd a gépet. Valahol olvastam, hogy a pciidle.sys is meg tud fertőződni, meg azt is, hogy a combofix -el másoknak is volt gondjuk mostanság ezzel a file- al kapcsolatban :)

Más:
2 hete küzdöttem a főnököm céges gépével, úgy, mit Katika -nál, folyton restartolt, néha eljutott a bejelentkezésig, néha nem, a létező összes progit lefuttattam rajta, míg lehetett, semmi hiba nem volt, aztán idegbetegségemben kibombáztam belőle a tápot, beleraktam az enyémből a tarfót és azóta jó. Csak infóképp írom, ha valaki így jár...

Üdv. Kr