|
| |||||||
| Regisztráció | Oldaltérkép Spy | Tagok listája | Donate | Keres | Mai hozzászólások | Megjelöl Fórumok Olvas | Fórum Szabályok |
 |
 |
| | Téma eszközök |
|
#1
Október 31, 2008, 03:00
| |||
| |||
| Anya letöltött valami Szia, Nos, anyám letöltött valamit, és a tűzfal jött néhány üzenet. Valahogy úgy van telepítve, mielőtt a lány azt mondta nekem. Szóval, végignézi a most futó, ez eltart egy ideig, mert ez egy lassú gép. Nem tudom, mi a neve is, ez mind furcsa szimbólum, és olvashatatlan. Van egy HijackThis log bár, de legalább egy dolog nem tartott sokáig ... Naplózás A Trend Micro HijackThis v2.0.2 Beolvasás mentett 8:53:31 véleményét 31/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Futó folyamatok: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ SYSTEM32 \ winlogon.exe C: \ WINDOWS \ System32 \ Services.exe C: \ WINDOWS \ System32 \ Lsass.exe C: \ WINDOWS \ System32 \ Ati2evxx.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ Program Files \ Avast4 \ aswUpdSv.exe C: \ Program Files \ Avast4 \ ashServ.exe C: \ WINDOWS \ System32 \ Spoolsv.exe C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe C: \ WINDOWS \ SYSTEM32 \ Ati2evxx.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ Ctfmon.exe C: \ WINDOWS \ Explorer.EXE C: \ WINDOWS \ System32 \ SearchIndexer.exe C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ PROGRA ~ 1 \ Avast4 \ ashDisp.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ Avast4 \ ashMaiSv.exe C: \ Program Files \ Avast4 \ ashWebSv.exe C: \ Program Files \ DAP \ DAP.EXE C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe C: \ Program Files \ Mozilla Firefox \ firefox.exe C: \ Program Files \ Avast4 \ ashSimpl.exe C: \ Documents and Settings \ Vip \ Desktop \ HiJackThis.exe C: \ Program Files \ Avast4 \ setup \ avast.setup R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com.hk/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Window Title = Windows Internet Explorer által Administrator Kevin R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ int ernet Beállítások, ProxyOverride = helyi R3 - URLSearchHook: (no name) - (0A94B116-4504-4e26-AB05-E61E474AA38B) - (no file) O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll O2 - BHO: RealPlayer letöltése és Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file) O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ System32 \ NeroCheck.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ Avast4 \ ashDisp.exe O4 - HKLM \ .. \ RunOnce: [Malwarebytes' Anti-Malware] C: \ Program Files \ Malwarebytes' Anti-Malware \ mbamgui.exe / install / silent O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ System32 \ Ctfmon.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ System32 \ Ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ System32 \ Ctfmon.exe (User 'HÁLÓZATI SZOLGÁLTATÁS') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ System32 \ Ctfmon.exe (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ System32 \ Ctfmon.exe (User 'Default user') O4 - Startup: AEO ¶ ¯ ¶ ÉËÙÍÁ ¹. Lnk =? O8 - Extra context menu item: & Clean Traces - C: \ Program Files \ DAP \ Adatbiztonság csomag \ dapcleanerie.htm O8 - Extra context menu item: & Letöltés a & DAP - C: \ Program Files \ DAP \ dapextie.htm O8 - Extra context menu item: Download & all with DAP - C: \ Program Files \ DAP \ dapextie2.htm O8 - Extra context menu item: E & xportálás Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikrók ~ 2 \ Office11 \ EXCEL.EXE/3000 O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra button: Kutatás - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikrók ~ 2 \ Office11 \ REFIEBAR.DLL O9 - Extra button: QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ WINDOWS \ System32 \ shdocvw.dll O9 - Extra 'Tools' menuitem:?? QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ WINDOWS \ System32 \ shdocvw.dll O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) -- http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) -- http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl osztály) -- http://update.microsoft.com/microsof...?1133040258574 O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) -- http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) -- http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe O23 - Service: avast! iAVS4 Ellenőrző Szolgálat (aswUpdSv) - ALWIL Software - C: \ Program Files \ Avast4 \ aswUpdSv.exe O23 - Service: Ati Hotkey Poller - ATI Technologies Inc. - C: \ WINDOWS \ System32 \ Ati2evxx.exe O23 - Service: ATI Smart - Unknown tulajdonos - C: \ WINDOWS \ System32 \ ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Avast4 \ ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashWebSv.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Seiko EPSON CORPORATION - C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe -- End of file - 7692 bytes _______________________________________________ Any help is appreciated. BTW. Nem találok egy ikont, hogy néz ki, mint "uninstall" hozzám, így eltávolítása nem lesz lehetőség ...
__________________ HI:) |
|
#2
Október 31, 2008, 15:21
| |||
| |||
| Anya letöltött valami Nos. Otthagytam a letapogatja futtatni éjszakai, de SuperAntiSpyware tartani encountering problémák és zárt ... Van MalwareBytes jelentkezzen be itt: Malwarebytes' Anti-Malware 1,30 Adatbázis-verzió: 1343 5/1/2600 Windows Service Pack 3 1/11/2008 9:19:03 AM mbam-log-2008-11-01 (09-19-03). txt Beolvasás típusa: Full Scan (C: \ | D: \ | E: \ |) Beolvasott Objects: 190626 Eltelt idő: 3 óra (k), 56 perc (ek), 28 másodperc (ek) Memory Processes Infected: 0 Fertőzött memória modulok: 0 Fertőzött rendszerleíró kulcsok: 0 Fertőzött rendszerleíró értékek: 0 Registry adatokat Infected: 0 Fertőzött mappák: 0 Fertőzött fájlok: 2 Memory Processes Infected: (Nem észlelhető rosszindulatú elem) Fertőzött memória modulok: (Nem észlelhető rosszindulatú elem) Fertőzött rendszerleíró kulcsok: (Nem észlelhető rosszindulatú elem) Fertőzött rendszerleíró értékek: (Nem észlelhető rosszindulatú elem) Registry adatokat Infected: (Nem észlelhető rosszindulatú elem) Fertőzött mappák: (Nem észlelhető rosszindulatú elem) A fertőzött fájlok: C: \ WINDOWS \ System32 \ _005069_.tmp.dll (Trojan.Agent) -> Karanténba és sikeresen törölve. C: \ WINDOWS \ System32 \ _005101_.tmp.dll (Trojan.Agent) -> Karanténba és sikeresen törölve.
__________________ HI:) |
|
#3
Október 31, 2008, 15:24
| ||||||||||||
| ||||||||||||
| Anya letöltött valami Szia
__________________
Folytassa a letapogatja futtatja, akkor kövesse az alábbi utasításokat. Letöltés ComboFix az egyik helyszínen: Link 1 Link 2 Link 3 * FONTOS! Mentés ComboFix.exe az asztalra
 Miután a Microsoft Windows helyreállítási konzol telepítése ComboFix használ, akkor a következő üzenet:  Kattints Igen, Hogy továbbra is a szkennelés malware. Amikor befejezte, ComboFix készít naplót Önnek. Kérjük, adja meg a C: \ ComboFix.txt a következő válasz alog a többi logs. My System: Ez mind az enyém ...
|
|
#4
Október 31, 2008, 15:52
| |||
| |||
| Anya letöltött valami Valamilyen okból ComboFix zárt SuperAntiSpyware miközben azt is szkennelés, így az újraindítás most. És avast! nem indul el az alap már ... Kinyitom a programot, de ez még mindig nem a tálcán dolog ... És a program, hogy anyám letöltött van beállítva, hogy futni indításkor ... Bejelentkezés itt anyway: ComboFix 08-10-30.13 - VIP 2008-11-01 9:36:52.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.732 [11:00 GMT] Running From: C: \ Documents and Settings \ Vip \ Desktop \ ComboFix.exe * Létrehozott egy új visszaállítási pontot . Egyéb ((((((((((((((((((((((((((((((((((((((( Törlések ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Program Files \ Warcraft III \ _desktop.ini C: \ WINDOWS \ System32 \ _005058_.tmp.dll C: \ WINDOWS \ System32 \ _005059_.tmp.dll C: \ WINDOWS \ System32 \ _005060_.tmp.dll C: \ WINDOWS \ System32 \ _005061_.tmp.dll C: \ WINDOWS \ System32 \ _005068_.tmp.dll C: \ WINDOWS \ System32 \ _005070_.tmp.dll C: \ WINDOWS \ System32 \ _005071_.tmp.dll C: \ WINDOWS \ System32 \ _005072_.tmp.dll C: \ WINDOWS \ System32 \ _005073_.tmp.dll C: \ WINDOWS \ System32 \ _005074_.tmp.dll C: \ WINDOWS \ System32 \ _005075_.tmp.dll C: \ WINDOWS \ System32 \ _005076_.tmp.dll C: \ WINDOWS \ System32 \ _005077_.tmp.dll C: \ WINDOWS \ System32 \ _005078_.tmp.dll C: \ WINDOWS \ System32 \ _005079_.tmp.dll C: \ WINDOWS \ System32 \ _005080_.tmp.dll C: \ WINDOWS \ System32 \ _005081_.tmp.dll C: \ WINDOWS \ System32 \ _005082_.tmp.dll C: \ WINDOWS \ System32 \ _005084_.tmp.dll C: \ WINDOWS \ System32 \ _005087_.tmp.dll C: \ WINDOWS \ System32 \ _005088_.tmp.dll C: \ WINDOWS \ System32 \ _005092_.tmp.dll C: \ WINDOWS \ System32 \ _005093_.tmp.dll C: \ WINDOWS \ System32 \ _005094_.tmp.dll C: \ WINDOWS \ System32 \ _005095_.tmp.dll C: \ WINDOWS \ System32 \ _005096_.tmp.dll C: \ WINDOWS \ System32 \ _005097_.tmp.dll C: \ WINDOWS \ System32 \ _005098_.tmp.dll C: \ WINDOWS \ System32 \ _005099_.tmp.dll C: \ WINDOWS \ System32 \ _005100_.tmp.dll C: \ WINDOWS \ System32 \ _005102_.tmp.dll C: \ WINDOWS \ System32 \ _005103_.tmp.dll C: \ WINDOWS \ System32 \ _005104_.tmp.dll C: \ WINDOWS \ System32 \ _005106_.tmp.dll C: \ WINDOWS \ System32 \ _005107_.tmp.dll C: \ WINDOWS \ System32 \ _005108_.tmp.dll C: \ WINDOWS \ System32 \ _005109_.tmp.dll C: \ WINDOWS \ System32 \ _005110_.tmp.dll C: \ WINDOWS \ System32 \ _005111_.tmp.dll C: \ WINDOWS \ System32 \ _005112_.tmp.dll C: \ WINDOWS \ System32 \ _005115_.tmp.dll C: \ WINDOWS \ System32 \ _005116_.tmp.dll C: \ WINDOWS \ System32 \ _005117_.tmp.dll C: \ WINDOWS \ System32 \ _005118_.tmp.dll C: \ WINDOWS \ System32 \ _005119_.tmp.dll C: \ WINDOWS \ System32 \ _005121_.tmp.dll C: \ WINDOWS \ System32 \ _005122_.tmp.dll C: \ WINDOWS \ System32 \ _005123_.tmp.dll C: \ WINDOWS \ System32 \ _005125_.tmp.dll C: \ WINDOWS \ System32 \ _005128_.tmp.dll C: \ WINDOWS \ System32 \ _005129_.tmp.dll C: \ WINDOWS \ System32 \ _005133_.tmp.dll C: \ WINDOWS \ System32 \ _005134_.tmp.dll C: \ WINDOWS \ System32 \ _005136_.tmp.dll C: \ WINDOWS \ System32 \ _005137_.tmp.dll C: \ WINDOWS \ System32 \ _005139_.tmp.dll C: \ WINDOWS \ System32 \ _005141_.tmp.dll C: \ WINDOWS \ System32 \ _005142_.tmp.dll C: \ WINDOWS \ System32 \ _005143_.tmp.dll C: \ WINDOWS \ System32 \ _005144_.tmp.dll C: \ WINDOWS \ System32 \ _005147_.tmp.dll C: \ WINDOWS \ System32 \ _005148_.tmp.dll C: \ WINDOWS \ System32 \ _005149_.tmp.dll C: \ WINDOWS \ System32 \ _005150_.tmp.dll C: \ WINDOWS \ System32 \ _005151_.tmp.dll C: \ WINDOWS \ System32 \ _005156_.tmp.dll C: \ WINDOWS \ System32 \ _005158_.tmp.dll C: \ WINDOWS \ System32 \ Cache C: \ WINDOWS \ System32 \ Cfx32.lic C: \ WINDOWS \ System32 \ cfx32.ocx . ((((((((((((((((((((((((((((((((((((((( Drivers / Services )))))))) ))))))))))))))))))))))))))))))))))))))))) . ------- \ Legacy_NPF ((((((((((((((((((((((((( Files létrehozott 2008/09/28 a 2008/10/31 ))))))))))) )))))))))))))))))))) . 2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ SUPERAntiSpyware.com 2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Malwarebytes 2008-10-31 20:33. 2008-10-31 20:33 <DIR> d -------- C: \ Program Files \ YouTube 2008-10-24 12:04. 2008-10-16 03:34 337.408 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Netapi32.dll 2008-10-15 20:43. 2008-09-15 23:12 1.846.400 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys 2008-10-15 20:43. 2008-09-08 21:41 333.824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ srv.sys 2008-10-15 20:42. 2008-08-14 21:11 2.189.184 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntoskrnl.exe 2008-10-15 20:42. 2008-08-14 21:09 2.145.280 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlmp.exe 2008-10-15 20:42. 2008-08-14 20:33 2.066.048 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlpa.exe 2008-10-15 20:42. 2008-08-14 20:33 2.023.936 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrpamp.exe 2008-09-18 19:05. 2008-10-31 20:52 <DIR> d -------- C: \ Program Files \ Avast4 . (((((((((((((((((((((((((((((((((((((((( Find3M Jelentés )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-10-31 22:38 --------- d ----- w C: \ Program Files \ Warcraft III 2008-10-31 22:30 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy 2008-10-31 09:47 --------- d ----- w C: \ Program Files \ Malwarebytes' Anti-Malware 2008-10-31 09:32 --------- d --- aw C: \ Documents and Settings \ All Users \ Application Data \ TEMP 2008-10-22 05:10 38.496 ---- aw C: \ WINDOWS \ System32 \ Drivers \ mbamswissarmy.sys 2008-10-22 05:10 15.504 ---- aw C: \ WINDOWS \ System32 \ Drivers \ mbam.sys 2008-10-09 06:46 --------- d ----- w C: \ Program Files \ PPStream 2008-10-09 03:31 --------- d ----- w C: \ Program Files \ SUPERAntiSpyware 2008-10-09 03:28 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy 2008-09-18 08:42 --------- d ----- w C: \ Documents and Settings \ Vip \ Application Data \ Ahead 2008-09-08 10:41 333.824 ---- aw C: \ WINDOWS \ System32 \ Drivers \ srv.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Megjegyzés * empty entries & legit default bejegyzések nem jelennek meg REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ System32 \ Ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NeroFilterCheck" = "C: \ WINDOWS \ System32 \ NeroCheck.e XE" [2001-07-09 155648] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784] "ATICCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" [2006-01-02 45056] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ System32 \ Ctfmon.exe" [2008-04-14 15360] C: \ Documents and Settings \ Vip \ Start Menu \ Programs \ Startup \ "Ôîú ÓëÖμôû.lnk - C: \ Program Files \ YouTube \ U ÓëTudou \ TudouVa.exe [2008-07-06 3248128] [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Policies \ System] "DisableChangePassword" = 1 (0x1) [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Policies \ Explorer] "NoAutoUpdate" = 1 (0x1) "MaxRecentDocs" = 1 (0x1) [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2006-04-24 282624] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon] "UIHost" = "C: \ \ WINDOWS \ \ System32 \ \ logonuiX.exe" [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] 2008-10-09 14:31 352256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32] "VIDC.I420" = i420vfw.dll "aux" = ctwdm32.dll "VIDC.HFYU" = huffyuv.dll "VIDC.X264" = x264vfw.dll "VIDC.3iv2" = 3ivxVfWCodec.dll "VIDC.VP31" = vp31vfw.dll "msacm.l3fhg" = mp3fhg.acm "msacm.ac3filter" = ac3filter.acm [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ ^ Indítópult Adobe Reader Speed Launch.lnk] backup = C: \ WINDOWS \ PSS \ Adobe Reader Speed Launch.lnkCommon Indítópult [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ ^ Indítópult Adobe Reader Synchronizer.lnk] backup = C: \ WINDOWS \ PSS \ Adobe Reader Synchronizer.lnkCommon Indítópult [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ ^ Indítópult WinZip Quick Pick.lnk] backup = C: \ WINDOWS \ PSS \ WinZip Quick Pick.lnkCommon Indítópult [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult Azureus Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ Azureus Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult Azureus Ultra Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ Azureus Ultra Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult BitTorrent Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ BitTorrent Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult eMule Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ eMule Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult LimeWire A Startup.lnk] backup = C: \ WINDOWS \ PSS \ LimeWire A Startup.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult LimeWire Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ LimeWire Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult PowerReg scheduler V3.exe] backup = C: \ WINDOWS \ PSS \ PowerReg scheduler V3.exeStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult Regisztráció Tom Clancy's Rainbow Six] backup = C: \ WINDOWS \ PSS \ Regisztrációs Tom Clancy's Rainbow SixStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult SpeedFan.lnk] backup = C: \ WINDOWS \ PSS \ SpeedFan.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult Thoosje Sidebar.lnk] [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult WordWeb.lnk] backup = C: \ WINDOWS \ PSS \ WordWeb.lnkStartup HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \! AVG Anti-Spyware HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ BitTorrent HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Boss Key HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CmCardRun HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CursorXP HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ EasyTuneVPro HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ iTunesHelper HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ LogonStudio HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ OrderReminder HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RecordPadRun HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SpeedOptimizer HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ swg HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Veoh [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Adobe Photo Downloader] - a ------ 2005-09-09 01:18 57344 C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ BgMonitor_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] - a ------ 2006-04-21 18:03 94208 C: \ Program Files \ Common Files \ Ahead \ Lib \ NMBgMonitor.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ DAEMON Tools] - a ------ 2005-12-11 01:57 133016 C: \ Program Files \ DAEMON Tools \ daemon.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ LanguageShortcut] - a ------ 2006-04-13 12:09 49152 C: \ Program Files \ CyberLink \ PowerDVD \ Nyelv \ Language.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ QuickTime Task] - a ------ 2008-03-29 00:37 413696 C: \ Program Files \ K-Lite Codec Pack \ QuickTime \ QTTask.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RemoteControl] - a ------ 2005-12-07 23:57 30208 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SpybotSD TeaTimer] -rahs ---- 2008-09-16 12:16 1833296 C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Steam] - a ------ 2008-03-29 09:39 1271032 C: \ Valve \ Steam \ Steam.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Uniblue RegistryBooster 2] - a ------ 2007-12-05 16:06 1885464 C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Uniblue SpeedUpMyPC] - a ------ 2008-01-29 09:46 9442584 C: \ Program Files \ Uniblue \ SpeedUpMyPC 3 \ SpeedUpMyPC.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ WinampAgent] - a ------ 2008-04-02 05:49 36352 C: \ Program Files \ Winamp \ winampa.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ BluetoothAuthenticationA Gent] - a ------ 2008-04-14 06:42 110592 C: \ WINDOWS \ System32 \ bthprops.cpl [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ C-Media Mixer] - a ------ 2003-03-20 17:21 1855488 C: \ WINDOWS \ mixer.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ Services] "WMPNetworkSvc" = 3 (0x3) "gusvc" = 3 (0x3) "RichVideo" = 2 (0x2) "BthServ" = 2 (0x2) "iPod Service" = 3 (0x3) "Apple Mobile Device" = 2 (0x2) "LiveUpdate Notice Service" = 2 (0x2) "VideoAcceleratorEngine" = 3 (0x3) "Mdm" = 2 (0x2) "IDriverT" = 3 (0x3) "aawservice" = 3 (0x3) "PDEngine" = 3 (0x3) "PDAgent" = 3 (0x3) "PML Driver HPZ12" = 3 (0x3) "CPUCooLServer" = 2 (0x2) "usnjsvc" = 3 (0x3) "AdobeActiveFileMonitor4.0" = 2 (0x2) "WLSetupSvc" = 3 (0x3) "cmdAgent" = 2 (0x2) "FLEXnet Licensing Service" = 3 (0x3) "Bonjour Service" = 2 (0x2) "ose" = 3 (0x3) [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo wildwolf \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ System32 \ \ Sessmgr.exe" = "C: \ \ Program Files \ \ DAP \ \ DAP.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "<Nincs Neve>" = "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe" "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ \ Program Files \ \ UT2004 \ \ System \ \ UT2004.exe" = "C: \ \ Program Files \ \ DeusEx \ \ System \ \ DeusEx.exe" = "C: \ \ Program Files \ \ YouTube \ \ ÉËÙTudou \ \ TudouVa.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo wildwolf \ standardprofile \ GloballyOpenPorts \ List] "3389: TCP" = 3389: TCP: *: Disabled: @ xpsp2res.dll, -22009 "15394: TCP" = 15394: TCP: *: Disabled: BitComet 15394 TCP "15394: UDP" = 15394: UDP: *: Disabled: BitComet 15394 UDP "6555: TCP" = 6555: TCP: *: Disabled: BitComet 6555 TCP "6555: UDP" = 6555: UDP: *: Disabled: BitComet 6555 UDP R1 aswSP; avast! Saját védelme, C: \ WINDOWS \ System32 \ Drivers \ aswSP.sys [2008-07-20 78416] R1 atitray; atitray, C: \ Program Files \ Ray Adams \ ATI Tray Tools \ atitray.sys [2007-05-22 18088] R2 aswFsBlk; aswFsBlk, C: \ WINDOWS \ System32 \ Drivers \ aswF sBlk.sys [2008-07-20 20560] R2 ROCKEYNT; ROCKEYNT, C: \ WINDOWS \ System32 \ Drivers \ Rock eynt.sys [2005-01-04 18223] R2 SBKUPNT; SBKUPNT, C: \ WINDOWS \ System32 \ Drivers \ SBKUPN T. SYS [2001-07-13 14976] S3 motccgp; Motorola USB Composite Device Driver; C: \ WINDOWS \ System32 \ Drivers \ motccgp.sys [2007-06-18 17920] S3 motccgpfl; MotCcgpFlService, C: \ WINDOWS \ System32 \ DRI VERS \ motccgpfl.sys [2007-01-22 7680] S3 MotDev; Motorola Inc. USB Device, C: \ WINDOWS \ System32 \ Drivers \ motodrv.sys [2007-05-07 42112] S3 RTLWUSB; NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Driver NT, C: \ WINDOWS \ System32 \ Drivers \ wg111v2.sys [2006-03-16 167808] S3 XDva042; XDva042, C: \ WINDOWS \ System32 \ XDva042.sys [] . Tartalma az "Ütemezett feladatok" mappába 2008/10/01 C: \ WINDOWS \ feladatok \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2007-08-29 14:57] 2008/10/27 C: \ WINDOWS \ feladatok \ Uniblue SpeedUpMyPC Nag.job - C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe [] 2007/05/14 C: \ WINDOWS \ feladatok \ Uniblue SpeedUpMyPC.job - C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe [] 2008/10/25 C: \ WINDOWS \ feladatok \ Uniblue SpyEraser Nag.job - C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe [] . - - - - ÁRVAELLÁTÁS REMOVED - - - -- URLSearchHooks-(0A94B116-4504-4e26-AB05-E61E474AA38B) - (no file) ShellIconOverlayIdentifiers-hex (2): 7b 38,41,34,32,44,46,42,46,2 d, 37,38,36,38,2 d, 34,30,32,39,2 d, 39, 35,38, \ - (no file) ShellExecuteHooks-(E0D8FD38-6F36-4C9F-AE43-EDFA2BB266BA) - (no file) MSConfigStartUp-Comodo Firewall Pro - C: \ Program Files \ Comodo \ Firewall \ cfp.exe MSConfigStartUp-EzPrint - C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe MSConfigStartUp-FaxCenterServer - C: \ Program Files \ Lexmark Faxmegoldások \ fm3032.exe MSConfigStartUp-TkBellExe - C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe MSConfigStartUp-Uniblue SpyEraser - C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe . Kiegészítő Scan ------- ------- . FireFox -: Profile - C: \ Documents and Settings \ Vip \ Application Data \ Mozilla \ Firefox \ Profiles \ 19piaa5b.default \ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / hk.yahoo.com / . . File Associations ------- ------- . txtfile = C: \ WINDOWS \ notepad.exe 1% . ************************************************** ************************ CatchMe 0.3.1367 W2K/XP/Vista - Rootkit / stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-01 09:42:02 5/1/2600 Windows Service Pack 3 NTFS szkennelés rejtett folyamatok ... scanning hidden autostart entries ... scanning hidden files ... scan sikeresen befejeződött hidden files: 0 ************************************************** ************************ . ------------------------ Other Running Processes ----------------------- -- . C: \ WINDOWS \ System32 \ ati2evxx.exe C: \ Program Files \ Avast4 \ aswUpdSv.exe C: \ Program Files \ Avast4 \ ashServ.exe C: \ WINDOWS \ System32 \ ati2evxx.exe C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe C: \ WINDOWS \ System32 \ searchindexer.exe C: \ Program Files \ Avast4 \ ashMaiSv.exe C: \ Program Files \ Avast4 \ ashWebSv.exe C: \ WINDOWS \ System32 \ imapi.exe . ************************************************** ************************ . Teljesítés ideje: 2008-11-01 9:47:03 - a gép újraindítása ComboFix-karantén-files.txt 2008-10-31 22:46:53 Pre-Run: 17476198400 bájt szabad Post-Run: 17429176320 bájt szabad WindowsXP-KB310994-SP2-Pro-BootDisk lemezről-HUN.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S [operating systems] C: \ cmdcons \ bootsect.dat = "Microsoft Windows helyreállítási konzol" / cmdcons multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = OptIn / fastdetect 335 --- EOF --- 2008-10-24 09:01:23 __________________________________________________ _________________________________________________ Edit: Én kattintás körül, és én találtam egy ikont, hogy nézett ki, mint uninstall. Rákattintottam, és elkezdte eltávolítani (vagy legalábbis remélem, hogy volt), mert az volt a furcsa szimbólum.
__________________ HI:) |
|
#5
Október 31, 2008, 18:39
| |||
| |||
| Anya letöltött valami SuperAntiSpyware naplót. Rá gyors beolvasás, mert mindig jönnek ki a hibát, amikor nem a teljes ellenőrzést. SUPERAntiSpyware Scan Napló http://www.superantispyware.com Generálva 11/01/2008 at 11:45 Alkalmazás verzió: 4/21/1004 Az alapvető szabályok Database Version: 3618 Trace szabályzat Database Version: 1603 Beolvasás típusa: Quick Scan Összesen beolvasási idő: 00:35:28 Memória beolvasott elem: 490 Memória észlelt fenyegetések: 0 Iktatási tételek Beolvasott: 436 Rendszerleíróadatbázis észlelt fenyegetések: 0 Fájl elem Beolvasott: 33788 File észlelt fenyegetések: 2 Trojan.Vundo-Változata / F C: \ WINDOWS \ SYSTEM32 \ AZIPCONTMN.DLL C: \ WINDOWS \ SYSTEM32 \ SYSFOLDERAZIPCNT.DLL
__________________ HI:) |
|
#6
November 1, 2008, 10:16
| |||
| |||
| Anya letöltött valami Üdv ismét Kérjük, ne kattintson rá, vagy fuss tovább scans, ha azt tanácsolom neked, hogy igen. Csak teszi a dolgokat, zavaros nekem - Látom bejegyzés egy naplót, de elment a következő és így tovább - köszönöm. Gyanítom, ez a probléma C: \ Program Files \ YouTube kivéve, ha az anyád egy rajongó a kínai változata YouTube.  Azt akarom, hogy nézd meg ezt a két fájlt talált SAS. Kérjük, látogasson el a: VirusTotal
C: \ WINDOWS \ SYSTEM32 \ SYSFOLDERAZIPCNT.DLL Combofix
Kód: Mappa: C: \ Program Files \ YouTube  Mentés a CFScript.txt, Ugyanazon a helyen, mint ComboFix.exe  Hivatkozva a fenti képen, húzza CFScript bevezet ComboFix.exe. Ha kész, akkor egy log for you at "C: \ ComboFix.txt" Ne mouseclick combofix ablakban miközben fut. Ez azt eredményezheti, hogy az istálló. FIGYELEM! Mindenki más, aki gondolt a fenti szkriptet, azt a saját kockázat - akkor a végére, hogy telepítse újra a Windows! Kérem jelentkezzen be a post C: \ ComboFix.txt A VirusTotal eredmények és új HijackThis Napló további felülvizsgálatra. |
|
#7
November 1, 2008, 16:53
| |||
| |||
| Anya letöltött valami Igen anyám órákat néhány kínai videók ... Nem tudtam megtalálni a kép böngészés közben a VirusTotal. Én is mentem velük a felfedező, és nem talált mind a ketten. Megvan a naplófájlokhoz: ComboFix: ComboFix 08-11-01.01 - VIP 2008-11-02 10:36:20.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.865 [11:00 GMT] Running From: C: \ Documents and Settings \ Vip \ Desktop \ ComboFix.exe Command kapcsolók használhatók: C: \ Documents and Settings \ Vip \ Desktop \ CFScript.txt * Létrehozott egy új visszaállítási pontot . Egyéb ((((((((((((((((((((((((((((((((((((((( Törlések ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Program Files \ YouTube . ((((((((((((((((((((((((( Files létrehozott 2008/10/01 a 2008/11/01 ))))))))))) )))))))))))))))))))) . 2008-11-01 09:55. 2008-11-01 09:55 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Uniblue 2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ SUPERAntiSpyware.com 2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Malwarebytes 2008-10-24 12:04. 2008-10-16 03:34 337.408 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Netapi32.dll 2008-10-15 20:43. 2008-09-15 23:12 1.846.400 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys 2008-10-15 20:43. 2008-09-08 21:41 333.824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ srv.sys 2008-10-15 20:42. 2008-08-14 21:11 2.189.184 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntoskrnl.exe 2008-10-15 20:42. 2008-08-14 21:09 2.145.280 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlmp.exe 2008-10-15 20:42. 2008-08-14 20:33 2.066.048 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlpa.exe 2008-10-15 20:42. 2008-08-14 20:33 2.023.936 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrpamp.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Jelentés )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-10-31 22:38 --------- d ----- w C: \ Program Files \ Warcraft III 2008-10-31 22:30 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy 2008-10-31 09:52 --------- d ----- w C: \ Program Files \ Avast4 2008-10-31 09:47 --------- d ----- w C: \ Program Files \ Malwarebytes' Anti-Malware 2008-10-31 09:32 --------- d --- aw C: \ Documents and Settings \ All Users \ Application Data \ TEMP 2008-10-22 05:10 38.496 ---- aw C: \ WINDOWS \ System32 \ Drivers \ mbamswissarmy.sys 2008-10-22 05:10 15.504 ---- aw C: \ WINDOWS \ System32 \ Drivers \ mbam.sys 2008-10-09 06:46 --------- d ----- w C: \ Program Files \ PPStream 2008-10-09 03:31 --------- d ----- w C: \ Program Files \ SUPERAntiSpyware 2008-10-09 03:28 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy 2008-09-18 08:42 --------- d ----- w C: \ Documents and Settings \ Vip \ Application Data \ Ahead 2008-09-15 12:12 1.846.400 ---- aw C: \ WINDOWS \ System32 \ Win32k.sys 2008-09-08 10:41 333.824 ---- aw C: \ WINDOWS \ System32 \ Drivers \ srv.sys 2008-08-28 07:46 74.752 ---- aw C: \ WINDOWS \ System32 \ msw3prt.dll 2008-08-28 07:46 104.960 ---- aw C: \ WINDOWS \ System32 \ win32spl.dll 2008-08-26 07:24 826.368 ---- aw C: \ WINDOWS \ System32 \ Wininet.dll 2008-08-14 10:11 2.189.184 ---- aw C: \ WINDOWS \ System32 \ Ntoskrnl.exe 2008-08-14 09:33 2.066.048 ---- aw C: \ WINDOWS \ System32 \ ntkrnlpa.exe 2008-07-29 12:05 32.768 - sha-w C: \ WINDOWS \ system32 \ config \ systemprofile \ Local Settings \ History \ History.IE5 \ MSHist012008072920080 730 \ Index.dat . ((((((((((((((((((((((((((((( Snapshot @ 2008-11-01_ 9.46.14.14 ))))))))))) )))))))))))))))))))))))))))))) . - 2008-10-31 22:41:26 16.384 ---- atw C: \ WINDOWS \ Temp \ Perflib_Perfdata_570.dat + 2008-11-01 23:26:02 16.384 ---- atw C: \ WINDOWS \ Temp \ Perflib_Perfdata_570.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Megjegyzés * empty entries & legit default bejegyzések nem jelennek meg REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ System32 \ Ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NeroFilterCheck" = "C: \ WINDOWS \ System32 \ NeroCheck.e XE" [2001-07-09 155648] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784] "ATICCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" [2006-01-02 45056] "avast" = "C: \ Program Files \ Avast4 \ ashDisp.exe" [2008-07-20 78008] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ System32 \ Ctfmon.exe" [2008-04-14 15360] [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Policies \ System] "DisableChangePassword" = 1 (0x1) [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Policies \ Explorer] "NoAutoUpdate" = 1 (0x1) "MaxRecentDocs" = 1 (0x1) [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2006-04-24 282624] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon] "UIHost" = "C: \ \ WINDOWS \ \ System32 \ \ logonuiX.exe" [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] 2008-10-09 14:31 352256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32] "VIDC.I420" = i420vfw.dll "aux" = ctwdm32.dll "VIDC.HFYU" = huffyuv.dll "VIDC.X264" = x264vfw.dll "VIDC.3iv2" = 3ivxVfWCodec.dll "VIDC.VP31" = vp31vfw.dll "msacm.l3fhg" = mp3fhg.acm "msacm.ac3filter" = ac3filter.acm [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ ^ Indítópult Adobe Reader Speed Launch.lnk] backup = C: \ WINDOWS \ PSS \ Adobe Reader Speed Launch.lnkCommon Indítópult [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ ^ Indítópult Adobe Reader Synchronizer.lnk] backup = C: \ WINDOWS \ PSS \ Adobe Reader Synchronizer.lnkCommon Indítópult [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ ^ Indítópult WinZip Quick Pick.lnk] backup = C: \ WINDOWS \ PSS \ WinZip Quick Pick.lnkCommon Indítópult [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult Azureus Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ Azureus Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult Azureus Ultra Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ Azureus Ultra Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult BitTorrent Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ BitTorrent Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult eMule Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ eMule Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult LimeWire A Startup.lnk] backup = C: \ WINDOWS \ PSS \ LimeWire A Startup.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult LimeWire Turbo Accelerator.lnk] backup = C: \ WINDOWS \ PSS \ LimeWire Turbo Accelerator.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult PowerReg scheduler V3.exe] backup = C: \ WINDOWS \ PSS \ PowerReg scheduler V3.exeStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult Regisztráció Tom Clancy's Rainbow Six] backup = C: \ WINDOWS \ PSS \ Regisztrációs Tom Clancy's Rainbow SixStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult SpeedFan.lnk] backup = C: \ WINDOWS \ PSS \ SpeedFan.lnkStartup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult Thoosje Sidebar.lnk] [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings Kevin ^ ^ Start Menu ^ Programs ^ ^ Indítópult WordWeb.lnk] backup = C: \ WINDOWS \ PSS \ WordWeb.lnkStartup HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \! AVG Anti-Spyware HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ BitTorrent HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Boss Key HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CmCardRun HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CursorXP HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ EasyTuneVPro HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ iTunesHelper HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ LogonStudio HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ OrderReminder HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RecordPadRun HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SpeedOptimizer HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ swg HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Veoh [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Adobe Photo Downloader] - a ------ 2005-09-09 01:18 57344 C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ BgMonitor_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] - a ------ 2006-04-21 18:03 94208 C: \ Program Files \ Common Files \ Ahead \ Lib \ NMBgMonitor.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ DAEMON Tools] - a ------ 2005-12-11 01:57 133016 C: \ Program Files \ DAEMON Tools \ daemon.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ LanguageShortcut] - a ------ 2006-04-13 12:09 49152 C: \ Program Files \ CyberLink \ PowerDVD \ Nyelv \ Language.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ QuickTime Task] - a ------ 2008-03-29 00:37 413696 C: \ Program Files \ K-Lite Codec Pack \ QuickTime \ QTTask.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RemoteControl] - a ------ 2005-12-07 23:57 30208 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SpybotSD TeaTimer] -rahs ---- 2008-09-16 12:16 1833296 C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Steam] - a ------ 2008-03-29 09:39 1271032 C: \ Valve \ Steam \ Steam.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Uniblue RegistryBooster 2] - a ------ 2007-12-05 16:06 1885464 C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Uniblue SpeedUpMyPC] - a ------ 2008-01-29 09:46 9442584 C: \ Program Files \ Uniblue \ SpeedUpMyPC 3 \ SpeedUpMyPC.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ WinampAgent] - a ------ 2008-04-02 05:49 36352 C: \ Program Files \ Winamp \ winampa.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ BluetoothAuthenticationA Gent] - a ------ 2008-04-14 06:42 110592 C: \ WINDOWS \ System32 \ bthprops.cpl [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ C-Media Mixer] - a ------ 2003-03-20 17:21 1855488 C: \ WINDOWS \ mixer.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ Services] "WMPNetworkSvc" = 3 (0x3) "gusvc" = 3 (0x3) "RichVideo" = 2 (0x2) "BthServ" = 2 (0x2) "iPod Service" = 3 (0x3) "Apple Mobile Device" = 2 (0x2) "LiveUpdate Notice Service" = 2 (0x2) "VideoAcceleratorEngine" = 3 (0x3) "Mdm" = 2 (0x2) "IDriverT" = 3 (0x3) "aawservice" = 3 (0x3) "PDEngine" = 3 (0x3) "PDAgent" = 3 (0x3) "PML Driver HPZ12" = 3 (0x3) "CPUCooLServer" = 2 (0x2) "usnjsvc" = 3 (0x3) "AdobeActiveFileMonitor4.0" = 2 (0x2) "WLSetupSvc" = 3 (0x3) "cmdAgent" = 2 (0x2) "FLEXnet Licensing Service" = 3 (0x3) "Bonjour Service" = 2 (0x2) "ose" = 3 (0x3) [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo wildwolf \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ System32 \ \ Sessmgr.exe" = "C: \ \ Program Files \ \ DAP \ \ DAP.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "<Nincs Neve>" = "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe" "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ \ Program Files \ \ UT2004 \ \ System \ \ UT2004.exe" = "C: \ \ Program Files \ \ DeusEx \ \ System \ \ DeusEx.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo wildwolf \ standardprofile \ GloballyOpenPorts \ List] "3389: TCP" = 3389: TCP: *: Disabled: @ xpsp2res.dll, -22009 "15394: TCP" = 15394: TCP: *: Disabled: BitComet 15394 TCP "15394: UDP" = 15394: UDP: *: Disabled: BitComet 15394 UDP "6555: TCP" = 6555: TCP: *: Disabled: BitComet 6555 TCP "6555: UDP" = 6555: UDP: *: Disabled: BitComet 6555 UDP R1 aswSP; avast! Saját védelme, C: \ WINDOWS \ System32 \ Drivers \ aswSP.sys [2008-07-20 78416] R1 atitray; atitray, C: \ Program Files \ Ray Adams \ ATI Tray Tools \ atitray.sys [2007-05-22 18088] R2 aswFsBlk; aswFsBlk, C: \ WINDOWS \ System32 \ Drivers \ aswF sBlk.sys [2008-07-20 20560] R2 ROCKEYNT; ROCKEYNT, C: \ WINDOWS \ System32 \ Drivers \ Rock eynt.sys [2005-01-04 18223] R2 SBKUPNT; SBKUPNT, C: \ WINDOWS \ System32 \ Drivers \ SBKUPN T. SYS [2001-07-13 14976] S3 motccgp; Motorola USB Composite Device Driver; C: \ WINDOWS \ System32 \ Drivers \ motccgp.sys [2007-06-18 17920] S3 motccgpfl; MotCcgpFlService, C: \ WINDOWS \ System32 \ DRI VERS \ motccgpfl.sys [2007-01-22 7680] S3 MotDev; Motorola Inc. USB Device, C: \ WINDOWS \ System32 \ Drivers \ motodrv.sys [2007-05-07 42112] S3 RTLWUSB; NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Driver NT, C: \ WINDOWS \ System32 \ Drivers \ wg111v2.sys [2006-03-16 167808] S3 XDva042; XDva042, C: \ WINDOWS \ System32 \ XDva042.sys [] . Tartalma az "Ütemezett feladatok" mappába 2008/10/01 C: \ WINDOWS \ feladatok \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2007-08-29 14:57] 2008/10/27 C: \ WINDOWS \ feladatok \ Uniblue SpeedUpMyPC Nag.job - C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe [] 2007/05/14 C: \ WINDOWS \ feladatok \ Uniblue SpeedUpMyPC.job - C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe [] 2008/10/25 C: \ WINDOWS \ feladatok \ Uniblue SpyEraser Nag.job - C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe [] . ************************************************** ************************ CatchMe 0.3.1367 W2K/XP/Vista - Rootkit / stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-02 10:39:31 5/1/2600 Windows Service Pack 3 NTFS szkennelés rejtett folyamatok ... scanning hidden autostart entries ... scanning hidden files ... scan sikeresen befejeződött hidden files: 0 ************************************************** ************************ . Teljesítés ideje: 2008-11-02 10:41:44 ComboFix-karantén-files.txt 2008-11-01 23:41:32 ComboFix2.txt 2008-10-31 22:47:05 Pre-Run: 17222828032 bájt szabad Post-Run: 17200967680 bájt szabad 233 --- EOF --- 2008-10-24 09:01:23 __________________________________________________ _________________________ HijackThis: Naplózás A Trend Micro HijackThis v2.0.2 Beolvasás mentett 10:50:19, on 2/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Futó folyamatok: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ System32 \ Services.exe C: \ WINDOWS \ System32 \ Lsass.exe C: \ WINDOWS \ System32 \ Ati2evxx.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ Program Files \ Avast4 \ aswUpdSv.exe C: \ Program Files \ Avast4 \ ashServ.exe C: \ WINDOWS \ System32 \ Spoolsv.exe C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ System32 \ SearchIndexer.exe C: \ Program Files \ Avast4 \ ashMaiSv.exe C: \ Program Files \ Avast4 \ ashWebSv.exe C: \ WINDOWS \ System32 \ Ati2evxx.exe C: \ WINDOWS \ System32 \ Ctfmon.exe C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ Avast4 \ ashDisp.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ WINDOWS \ explorer.exe C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe C: \ Documents and Settings \ Vip \ Desktop \ HiJackThis.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com.hk/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ int ernet Beállítások, ProxyOverride = helyi O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll O2 - BHO: RealPlayer letöltése és Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file) O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ System32 \ NeroCheck.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay O4 - HKLM \ .. \ Run: [avast] C: \ Program Files \ Avast4 \ ashDisp.exe O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ System32 \ Ctfmon.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ System32 \ Ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ System32 \ Ctfmon.exe (User 'HÁLÓZATI SZOLGÁLTATÁS') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ System32 \ Ctfmon.exe (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ System32 \ Ctfmon.exe (User 'Default user') O8 - Extra context menu item: & Clean Traces - C: \ Program Files \ DAP \ Adatbiztonság csomag \ dapcleanerie.htm O8 - Extra context menu item: & Letöltés a & DAP - C: \ Program Files \ DAP \ dapextie.htm O8 - Extra context menu item: Download & all with DAP - C: \ Program Files \ DAP \ dapextie2.htm O8 - Extra context menu item: E & xportálás Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikrók ~ 2 \ Office11 \ EXCEL.EXE/3000 O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra button: Kutatás - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikrók ~ 2 \ Office11 \ REFIEBAR.DLL O9 - Extra button: QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ WINDOWS \ System32 \ shdocvw.dll O9 - Extra 'Tools' menuitem:?? QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ WINDOWS \ System32 \ shdocvw.dll O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) -- http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) -- http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl osztály) -- http://update.microsoft.com/microsof...?1133040258574 O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) -- http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) -- http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe O23 - Service: avast! iAVS4 Ellenőrző Szolgálat (aswUpdSv) - ALWIL Software - C: \ Program Files \ Avast4 \ aswUpdSv.exe O23 - Service: Ati Hotkey Poller - ATI Technologies Inc. - C: \ WINDOWS \ System32 \ Ati2evxx.exe O23 - Service: ATI Smart - Unknown tulajdonos - C: \ WINDOWS \ System32 \ ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Avast4 \ ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashWebSv.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Seiko EPSON CORPORATION - C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe -- End of file - 6734 bytes
__________________ HI:) |
|
#8
November 2, 2008, 05:29
| |||
| |||
| Anya letöltött valami Szia Ez a két kép nem talált combofix, úgyhogy nem igazán elvárható, hogy ott lesz. Hogyan működik az a rendszer, most? Let's run online keresést. Végezze el az online scan a Panda ActiveScan
|
|
#9
November 3, 2008, 03:07
| |||
| |||
| Anya letöltött valami Idézet:
__________________ HI:) |
|
#10
November 5, 2008, 07:45
| |||
| |||
| Anya letöltött valami Üdv ismét Elnézést, hogy nem kapok vissza akkor előbb - valódi élet helyett foglalt. Hogyan működik az a rendszer, most? Az egyetlen elem PowerRegScheduler - eltávolíthatja, ha akarod. |
