Ports vs Registry Solved

Everything else about security…

Moderators: memphisto, Mods_senior, Security team

FireBlackDragon
newcomer
Posts: 26
Registered: May 09
Gender: Male
Status: Offline

Re: Ports vs Registry

Post by FireBlackDragon » 19 May 2009 20:45

That NOD32 was a trial version and it has been uninstalled for at least 3 days. I am doing the rest according to your instructions. Do you know where in the registry the port restrictions and the time interval of an open port are written?


Re: Ports vs Registry

Post by FireBlackDragon » 19 May 2009 20:58

ComboFix 09-05-19.04 - Black Dragon 19.05.2009 20:51.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2837 [GMT 2:00]
Spuštěný z: c:\documents and settings\Black Dragon\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Black Dragon\Plocha\CFScript.txt
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

FILE ::
c:\windows\nod32restoretemdono.reg
c:\windows\system32\bdod.bin
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\nod32restoretemdono.reg
c:\windows\system32\bdod.bin
c:\windows\system32\runouce.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-19 do 2009-05-19 )))))))))))))))))))))))))))))))
.

2009-05-19 16:57 . 2009-05-19 17:07 -------- d-----w c:\program files\RegistryFix7
2009-05-19 16:34 . 2009-05-19 16:49 -------- d-----w c:\program files\RegCure
2009-05-19 15:58 . 2009-05-19 15:58 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-05-19 15:58 . 2009-05-19 15:58 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-05-19 15:58 . 2009-05-19 15:58 28672 ----a-w c:\windows\system32\eEmpty.exe
2009-05-19 15:58 . 2008-04-14 03:22 137216 ----a-w c:\windows\system32\T.COM
2009-05-19 15:58 . 2008-04-14 03:22 147968 ----a-w c:\windows\R.COM
2009-05-19 15:58 . 2009-05-19 15:58 -------- d-----w c:\program files\Common Files\MicroWorld
2009-05-19 03:19 . 2009-05-19 03:19 -------- d-----w c:\program files\trend micro
2009-05-19 03:19 . 2009-05-19 03:20 -------- d-----w C:\rsit
2009-05-18 22:11 . 2009-05-18 22:12 -------- d-----w c:\program files\ICQ6.5
2009-05-18 16:03 . 2009-05-18 16:03 -------- d-----w c:\program files\BitDefender
2009-05-18 16:02 . 2009-05-18 16:03 -------- d-----w c:\program files\Common Files\BitDefender
2009-05-18 02:03 . 2006-08-07 08:37 202240 ----a-w c:\windows\system32\fdco1.dll
2009-05-18 02:03 . 2006-08-07 08:39 52736 ----a-r c:\windows\system32\drivers\NVENETFD.sys
2009-05-18 01:03 . 2009-05-18 01:03 -------- d-----w c:\windows\NV5802956.TMP
2009-05-17 21:50 . 2009-05-19 17:56 -------- d-----w c:\program files\Steam
2009-05-10 19:02 . 2009-05-11 01:36 -------- d-----w c:\program files\MediaCoder
2009-05-07 01:51 . 2009-05-08 00:17 126976 ----a-w c:\windows\system32\UAService7.exe
2009-05-07 01:51 . 2009-05-07 01:51 90112 ----a-w c:\windows\system32\CmdLineExt.dll
2009-05-07 01:38 . 2009-05-07 01:38 -------- d-----w c:\program files\JoWooD
2009-05-06 13:49 . 2009-05-06 13:49 -------- d-----w c:\program files\Nsasoft
2009-05-06 13:35 . 2009-05-06 15:05 -------- d-----w c:\program files\War Chess2
2009-05-05 08:54 . 2009-05-05 08:54 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-05-05 08:54 . 2009-05-08 15:39 -------- d-----w c:\program files\Hamachi
2009-05-02 18:37 . 2009-05-02 18:37 -------- d-----w c:\program files\directx
2009-05-02 17:11 . 2009-05-07 13:14 -------- d-----w c:\program files\WinAce
2009-05-01 16:40 . 2009-05-06 09:34 -------- d-----w c:\windows\system32\796525
2009-04-30 15:07 . 2009-05-18 01:38 -------- d-----w c:\program files\PowerArchiver
2009-04-29 15:20 . 2009-04-29 15:20 -------- d-----w c:\program files\Cutter 4
2009-04-29 15:19 . 2009-05-01 16:32 -------- d-----w c:\program files\ZipGenius 6
2009-04-27 03:24 . 2006-04-13 09:30 1073152 ----a-w c:\windows\system32\libmysql_c.dll
2009-04-27 03:24 . 2009-04-27 03:24 -------- d-----w c:\program files\PremiumSoft
2009-04-27 03:17 . 2009-04-27 03:17 -------- d-----w c:\program files\WoW Private Server Launcher
2009-04-26 15:55 . 2009-04-26 15:55 -------- d-----w c:\program files\Common Files\LightScribe
2009-04-26 15:52 . 2004-07-09 06:43 364544 ------w c:\windows\system32\TwnLib4.dll
2009-04-26 15:52 . 2000-06-26 08:45 106496 ----a-w c:\windows\system32\TwnLib20.dll
2009-04-26 15:52 . 2004-07-26 14:16 471040 ------w c:\windows\system32\ImagXRA7.dll
2009-04-26 15:52 . 2004-07-26 14:16 262144 ------w c:\windows\system32\ImagXR7.dll
2009-04-26 15:52 . 2004-07-26 14:16 476320 ------w c:\windows\system32\ImagXpr7.dll
2009-04-26 15:52 . 2004-07-26 14:16 1568768 ------w c:\windows\system32\ImagX7.dll
2009-04-26 15:52 . 2001-07-09 08:50 155648 ----a-w c:\windows\system32\nerocheck .exe
2009-04-26 15:49 . 2005-07-12 16:06 2973696 ------w c:\windows\NuNinst.exe
2009-04-26 15:49 . 2009-04-26 15:51 -------- d-----w c:\program files\Common Files\Ahead
2009-04-26 15:49 . 2005-07-08 14:17 8704 ------w c:\windows\system32\drivers\InCDrec.sys
2009-04-26 15:49 . 2005-07-08 14:17 29696 ------w c:\windows\system32\drivers\InCDpass.sys
2009-04-26 15:49 . 2005-07-08 14:17 99584 ------w c:\windows\system32\drivers\InCDfs.sys
2009-04-26 15:49 . 2005-07-08 14:17 28672 ------w c:\windows\system32\drivers\InCDrm.sys
2009-04-26 15:49 . 2009-04-26 15:49 -------- d-----w c:\windows\InCD
2009-04-26 15:49 . 2009-04-26 15:53 -------- d-----w c:\program files\Ahead
2009-04-26 15:47 . 2004-10-01 13:00 40960 ----a-w c:\program files\Uninstall_CDS.exe
2009-04-23 16:53 . 2009-04-23 16:53 -------- d-----w c:\program files\MSBuild
2009-04-23 11:14 . 2009-04-23 11:14 -------- d-----w c:\windows\Logs
2009-04-23 11:01 . 2009-04-23 11:01 -------- d-----w C:\DX
2009-04-22 16:13 . 2009-05-19 14:16 -------- d-----w C:\download
2009-04-22 01:04 . 2009-04-22 01:04 -------- d-----w c:\windows\aod
2009-04-22 01:04 . 2009-05-18 22:10 -------- d-----w c:\program files\ICQ
2009-04-21 17:41 . 2009-04-21 17:41 -------- d-----w c:\program files\VentriloMIX
2009-04-21 01:54 . 2009-04-21 01:54 -------- d-----w c:\program files\DFX
2009-04-21 01:53 . 2009-04-21 01:53 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-21 01:40 . 2009-04-21 01:40 -------- d-----w C:\vnt

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 22:12 . 2009-03-30 12:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-18 01:35 . 2009-04-14 00:12 -------- d-----w c:\program files\ConMet
2009-05-17 21:43 . 2009-03-31 08:35 -------- d-----w c:\program files\Windows Desktop Search
2009-05-17 21:40 . 2009-04-13 23:57 -------- d-----w c:\program files\CyberLink
2009-05-17 21:39 . 2006-03-02 12:00 494648 ----a-w c:\windows\system32\perfh005.dat
2009-05-17 21:39 . 2006-03-02 12:00 103962 ----a-w c:\windows\system32\perfc005.dat
2009-05-17 21:37 . 2009-03-31 08:49 -------- d-----w c:\program files\Windows Live
2009-05-13 21:54 . 2009-03-31 15:07 -------- d-----w c:\program files\World of Warcraft
2009-05-11 16:39 . 2009-04-19 03:23 -------- d-----w c:\program files\War Chess
2009-05-02 18:36 . 2009-04-17 20:02 47104 ----a-w c:\windows\system32\KMVIDC32.DLL
2009-04-26 15:42 . 2009-04-15 03:22 -------- d-----w c:\program files\BitComet
2009-04-23 16:53 . 2009-04-15 20:46 -------- d-----w c:\program files\MSXML 4.0
2009-04-19 03:23 . 2009-04-19 03:23 -------- d-----w c:\program files\ReflexiveArcade
2009-04-18 00:41 . 2009-04-18 00:41 -------- d-----w c:\program files\Razer
2009-04-17 19:15 . 2009-04-17 19:15 -------- d-----w c:\program files\TryMedia
2009-04-14 00:13 . 2009-04-14 00:13 -------- d-----w c:\program files\Common Files\CyberLink
2009-04-14 00:12 . 2009-04-14 00:12 29480 ----a-w c:\windows\system32\msxml3a.dll
2009-04-11 12:33 . 2009-04-11 11:23 -------- d-----w c:\program files\Common Files\Adobe
2009-04-08 01:46 . 2009-04-08 01:46 -------- d-----w c:\program files\Ubisoft
2009-04-07 19:36 . 2009-04-07 19:06 -------- d-----w c:\program files\3D Driving-School
2009-04-06 04:32 . 2009-04-06 04:32 -------- d-----w c:\program files\Alcohol Soft
2009-03-31 23:25 . 2009-03-31 23:25 -------- d-----w c:\program files\Imager
2009-03-31 23:05 . 2009-03-31 23:05 -------- d-----w c:\program files\Robster Productions
2009-03-31 16:32 . 2009-03-31 15:07 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-31 15:11 . 2009-03-31 15:11 -------- d-----w c:\program files\Codec Pack - All In 1
2009-03-31 15:11 . 2009-03-31 15:11 -------- d-----w c:\program files\DivX
2009-03-31 15:11 . 2009-03-31 15:11 737280 ----a-w c:\windows\iun6002.exe
2009-03-31 08:50 . 2009-03-31 08:50 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-31 08:49 . 2009-03-31 08:49 -------- d-----w c:\program files\Microsoft
2009-03-31 08:40 . 2009-03-31 08:40 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-31 08:37 . 2009-03-31 08:37 -------- d-----w c:\program files\Reference Assemblies
2009-03-31 08:34 . 2009-03-31 08:34 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-30 12:17 . 2009-03-30 12:17 -------- d-----w c:\program files\ASUS
2009-03-30 12:17 . 2009-03-30 12:07 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-30 12:14 . 2009-03-30 12:14 -------- d-----w c:\program files\Analog Devices
2009-03-30 12:11 . 2009-03-30 12:05 -------- d-----w c:\program files\DAEMON Tools Lite
2009-03-30 12:05 . 2009-03-30 12:05 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-03-30 12:03 . 2009-03-30 12:03 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-30 11:41 . 2009-03-30 11:41 -------- d-----w c:\program files\microsoft frontpage
2009-03-30 11:37 . 2009-03-30 11:37 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-21 14:09 . 2006-03-02 12:00 32768 ----a-w c:\windows\system32\qmco.dll
2009-03-06 14:23 . 2006-03-02 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:13 . 2006-03-02 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\DX ----

2008-10-27 08:38 . 2008-10-27 08:38 95056 ----a-w c:\dx\DSETUP.dll
2008-10-27 08:38 . 2008-10-27 08:38 4163646 ----a-w c:\dx\Apr2006_MDX1_x86_Archive.cab
2008-10-27 08:38 . 2008-10-27 08:38 13265184 ----a-w c:\dx\dxnt.cab
2008-10-27 08:38 . 2008-10-27 08:38 1803074 ----a-w c:\dx\Nov2007_d3dx9_36_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1907944 ----a-w c:\dx\Nov2008_d3dx9_40_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1608374 ----a-w c:\dx\APR2007_d3dx9_33_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1801176 ----a-w c:\dx\AUG2007_d3dx9_35_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1709168 ----a-w c:\dx\AUG2007_d3dx9_35_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1795100 ----a-w c:\dx\Aug2008_d3dx9_39_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1793624 ----a-w c:\dx\JUN2008_d3dx9_38_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1770878 ----a-w c:\dx\Mar2008_d3dx9_37_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1710376 ----a-w c:\dx\Nov2007_d3dx9_36_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1607055 ----a-w c:\dx\APR2007_d3dx9_33_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1572170 ----a-w c:\dx\DEC2006_d3dx9_32_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1575392 ----a-w c:\dx\DEC2006_d3dx9_32_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1608790 ----a-w c:\dx\JUN2007_d3dx9_34_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1608302 ----a-w c:\dx\JUN2007_d3dx9_34_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1465688 ----a-w c:\dx\Aug2008_d3dx9_39_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1358992 ----a-w c:\dx\Dec2005_d3dx9_28_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1363812 ----a-w c:\dx\Feb2006_d3dx9_29_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1464894 ----a-w c:\dx\JUN2008_d3dx9_38_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1551228 ----a-w c:\dx\Nov2008_d3dx9_40_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1413918 ----a-w c:\dx\OCT2006_d3dx9_31_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1398846 ----a-w c:\dx\Apr2006_d3dx9_30_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1351558 ----a-w c:\dx\Aug2005_d3dx9_27_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1444298 ----a-w c:\dx\Mar2008_d3dx9_37_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1348370 ----a-w c:\dx\Apr2005_d3dx9_25_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1116237 ----a-w c:\dx\Apr2006_d3dx9_30_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1156507 ----a-w c:\dx\BDANT.cab
2008-10-27 08:38 . 2008-10-27 08:38 1080472 ----a-w c:\dx\Dec2005_d3dx9_28_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1248515 ----a-w c:\dx\Feb2005_d3dx9_24_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1337018 ----a-w c:\dx\Jun2005_d3dx9_26_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1128233 ----a-w c:\dx\OCT2006_d3dx9_31_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1079978 ----a-w c:\dx\Apr2005_d3dx9_25_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 97833 ----a-w c:\dx\APR2007_xinput_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 1078660 ----a-w c:\dx\Aug2005_d3dx9_27_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1014241 ----a-w c:\dx\Feb2005_d3dx9_24_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1085736 ----a-w c:\dx\Feb2006_d3dx9_29_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 1065941 ----a-w c:\dx\Jun2005_d3dx9_26_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 94750 ----a-w c:\dx\Mar2008_XACT_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 995154 ----a-w c:\dx\Nov2008_d3dx10_40_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 122810 ----a-w c:\dx\Nov2008_XACT_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 917446 ----a-w c:\dx\Apr2006_MDX1_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 853302 ----a-w c:\dx\AUG2007_d3dx10_35_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 868628 ----a-w c:\dx\Aug2008_d3dx10_39_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 976164 ----a-w c:\dx\BDAXP.cab
2008-10-27 08:38 . 2008-10-27 08:38 45464 ----a-w c:\dx\dxdllreg_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 96053 ----a-w c:\dx\dxupdate.cab
2008-10-27 08:38 . 2008-10-27 08:38 868844 ----a-w c:\dx\JUN2008_d3dx10_38_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 850935 ----a-w c:\dx\JUN2008_d3dx10_38_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 94144 ----a-w c:\dx\JUN2008_XACT_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 865616 ----a-w c:\dx\Nov2007_d3dx10_36_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 966445 ----a-w c:\dx\Nov2008_d3dx10_40_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 55538 ----a-w c:\dx\Nov2008_X3DAudio_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 88117 ----a-w c:\dx\Apr2006_xinput_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 54318 ----a-w c:\dx\APR2007_xinput_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 88158 ----a-w c:\dx\AUG2006_xinput_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 47074 ----a-w c:\dx\AUG2006_xinput_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 850183 ----a-w c:\dx\Aug2008_d3dx10_39_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 94028 ----a-w c:\dx\Aug2008_XACT_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 56170 ----a-w c:\dx\JUN2008_X3DAudio_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 22921 ----a-w c:\dx\JUN2008_X3DAudio_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 845900 ----a-w c:\dx\Mar2008_d3dx10_37_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 819276 ----a-w c:\dx\Mar2008_d3dx10_37_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 56074 ----a-w c:\dx\Mar2008_X3DAudio_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 47160 ----a-w c:\dx\NOV2007_X3DAudio_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 19512 ----a-w c:\dx\NOV2007_X3DAudio_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 22867 ----a-w c:\dx\Nov2008_X3DAudio_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 93700 ----a-w c:\dx\Nov2008_XACT_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 87053 ----a-w c:\dx\Oct2005_xinput_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 46375 ----a-w c:\dx\Oct2005_xinput_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 47026 ----a-w c:\dx\Apr2006_xinput_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 699628 ----a-w c:\dx\APR2007_d3dx10_33_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 797883 ----a-w c:\dx\AUG2007_d3dx10_35_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 700060 ----a-w c:\dx\JUN2007_d3dx10_34_x64.cab
2008-10-27 08:38 . 2008-10-27 08:38 22883 ----a-w c:\dx\Mar2008_X3DAudio_x86.cab
2008-10-27 08:38 . 2008-10-27 08:38 804900 ----a-w c:\dx\Nov2007_d3dx10_36_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 696881 ----a-w c:\dx\APR2007_d3dx10_33_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 272384 ----a-w c:\dx\Aug2008_XAudio_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 270858 ----a-w c:\dx\Aug2008_XAudio_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 699488 ----a-w c:\dx\JUN2007_d3dx10_34_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 270644 ----a-w c:\dx\JUN2008_XAudio_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 274976 ----a-w c:\dx\Nov2008_XAudio_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 273627 ----a-w c:\dx\Nov2008_XAudio_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 199112 ----a-w c:\dx\AUG2007_XACT_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 270040 ----a-w c:\dx\JUN2008_XAudio_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 252210 ----a-w c:\dx\Mar2008_XAudio_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 227266 ----a-w c:\dx\Mar2008_XAudio_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 213823 ----a-w c:\dx\DEC2006_d3dx10_00_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 193491 ----a-w c:\dx\DEC2006_XACT_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 198138 ----a-w c:\dx\JUN2007_XACT_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 196782 ----a-w c:\dx\APR2007_XACT_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 183919 ----a-w c:\dx\AUG2006_XACT_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 192736 ----a-w c:\dx\DEC2006_d3dx10_00_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 195691 ----a-w c:\dx\FEB2007_XACT_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 197778 ----a-w c:\dx\NOV2007_XACT_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 183377 ----a-w c:\dx\OCT2006_XACT_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 180149 ----a-w c:\dx\Apr2006_XACT_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 154028 ----a-w c:\dx\AUG2007_XACT_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 179375 ----a-w c:\dx\Feb2006_XACT_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 181801 ----a-w c:\dx\JUN2006_XACT_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 152241 ----a-w c:\dx\APR2007_XACT_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 153925 ----a-w c:\dx\JUN2007_XACT_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 138251 ----a-w c:\dx\AUG2006_XACT_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 146615 ----a-w c:\dx\DEC2006_XACT_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 148999 ----a-w c:\dx\FEB2007_XACT_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 149280 ----a-w c:\dx\NOV2007_XACT_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 139033 ----a-w c:\dx\OCT2006_XACT_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 122840 ----a-w c:\dx\Aug2008_XACT_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 133425 ----a-w c:\dx\Feb2006_XACT_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 134687 ----a-w c:\dx\JUN2006_XACT_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 122070 ----a-w c:\dx\JUN2008_XACT_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 123352 ----a-w c:\dx\Mar2008_XACT_x64.cab
2008-10-27 08:37 . 2008-10-27 08:37 134119 ----a-w c:\dx\Apr2006_XACT_x86.cab
2008-10-27 08:37 . 2008-10-27 08:37 1692496 ----a-w c:\dx\dsetup32.dll
2008-10-27 08:36 . 2008-10-27 08:36 526160 ----a-w c:\dx\DXSETUP.exe

---- Directory of c:\windows\system32\796525 ----



------- Sigcheck -------

[7] 2006-03-02 12:00 14336 DFBA2915B0BF58ABB288CD4C9318CB3F c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 03:22 14336 BE4A520E29B6391F49E79CCC52044D93 c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 03:22 14336 BE4A520E29B6391F49E79CCC52044D93 c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\svchost.exe
[-] 2008-04-14 03:22 17408 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\svchost.exe

[7] 2006-03-02 12:00 502272 221C29AE1B4CC61D11D8B27DE78B2307 c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\winlogon.exe
[-] 2008-04-14 03:22 512000 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\winlogon.exe

[7] 2009-02-09 11:18 111104 3D107D45CCFDB266E91D84B52CD7F430 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2006-03-02 12:00 108544 6E401E61F952FBBF708AFBECEFAFAE81 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\ServicePackFiles\i386\services.exe
[7] 2008-04-14 03:22 108544 F0D2AE69035092BF22DAD6B50FAB85C2 c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\services.exe
[-] 2009-02-09 11:25 113152 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\services.exe

[7] 2006-03-02 12:00 13312 82A362FE1D4980B71B588D9C10748511 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 03:22 13312 ED0A176354487CEED65B80A7148AB739 c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\lsass.exe
[-] 2008-04-14 03:22 14848 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\lsass.exe

[7] 2006-03-02 12:00 57856 21B6FAA88044A41640E03EBB68BE93E8 c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 03:22 57856 CB1090BCA0E7B40D0B5B4E4D66531809 c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\spoolsv.exe
[-] 2008-04-14 03:22 58880 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\spoolsv.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-03-17 203928]
"Steam"="c:\program files\steam\steam.exe" [2009-05-19 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-12-08 3714048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-15 368640]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vgCUwim"= {F0CA53DF-5A60-F975-D64A-8AEEC1FB2CC1} - c:\windows\system32\qmco.dll [2009-03-21 32768]

[HKLM\~\startupfolder\C:^Documents and Settings^Black Dragon^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"idsvc"=3 (0x3)
"Apache2.2"=2 (0x2)
"InCDsrv"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"IDriverT"=3 (0x3)
"fsssvc"=3 (0x3)
"ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"d:\\AC Web Ultimate Repack\\Server\\mysql\\bin\\mysqld.exe"=
"d:\\AC Web Ultimate Repack\\Arcemu\\arcemu-logonserver.exe"=
"d:\\AC Web Ultimate Repack\\Arcemu\\arcemu-world.exe"=
"c:\\Program Files\\War Chess\\WarChess.RWG"=
"d:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"d:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [31.3.2009 10:51 55152]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 17408]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2.6.2008 15:16 86792]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2.3.2006 14:00 69120]
R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [18.4.2009 2:42 19020]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25.9.2007 16:59 15152]
S4 Apache2.2;Apache2.2;d:\ac web ultimate repack\Server\apache\bin\apache.exe [27.4.2009 1:23 17408]
S4 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 18:08 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
bdx REG_MULTI_SZ scan
.
Obsah adresáře 'Naplánované úlohy'

2009-05-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 16:55]

2009-05-19 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 16:55]
.
.
------- Doplňkový sken -------
.
Trusted Zone: google.sk\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 20:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-789336058-1580436667-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0d,b7,4d,c9,0c,a1,12,be,f5,b9,39,0a,82,56,9d,45,a6,0a,93,dc,8d,d4,29,
b6,4a,82,5c,f6,8f,c5,a5,08,7f,de,f4,a2,85,8a,f9,26,47,e6,37,d2,78,67,f7,e2,\
"??"=hex:f8,43,d2,c3,46,2a,e9,59,31,a1,14,64,a9,af,d1,bd
.
Celkový čas: 2009-05-19 20:53
ComboFix-quarantined-files.txt 2009-05-19 18:53
ComboFix2.txt 2009-05-19 17:43

Před spuštěním: Volných bajtů: 53 228 068 864
Po spuštění: Volných bajtů: 53 213 724 672

377 --- E O F --- 2009-05-13 18:38


Re: Ports vs Registry

Post by FireBlackDragon » 19 May 2009 20:59

Logfile of HijackThis v1.97.7
Scan saved at 20:54:22, on 19.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\AI Booster\OverClk.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\program files\steam\steam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Black Dragon\Plocha\zaloha\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O9 - Extra button: BitComet (HKLM)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
O9 - Extra button: ICQ6 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ6 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8482354671

FireBlackDragon
newbie
Posts: 26
Registered: May 09
Gender: Male
Status: Offline

Re: Ports vs Registry

Post by FireBlackDragon » 19 May 2009 21:00

http://www.virustotal.com/cs/analisis/1 ... d369360a36

It uploaded only this one. For the others it just kept showing that it was sending, but nothing more happened.

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Ports vs Registry

Post by jaro3 » 19 May 2009 21:11

Ok
Download the program OTMoveIt3 (by OldTimer), save it to drive C and run it.
- Copy these paths into the left column (Paste Instructions for Items to be Moved):
Note: Do not use the SELECT ALL function to select them

Code:

:Processes
explorer.exe

:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]"vgCUwim"=-

:Files
c:\windows\system32\qmco.dll

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- After copying, click the MoveIt! button and then paste here the entire contents of the right column, which is otherwise saved in the folder C:\_OTMoveIt\MovedFiles\ and reports the results.
- If the files cannot be removed, you may be asked to restart the computer; in that case, confirm the restart.

Then also paste a new HJT log here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

FireBlackDragon
newbie
Posts: 26
Registered: May 09
Gender: Male
Status: Offline

Re: Ports vs Registry

Post by FireBlackDragon » 19 May 2009 21:13

And what about the ports?

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Ports vs Registry

Post by jaro3 » 19 May 2009 21:17

I need to disinfect and clean this up; I am not an expert on ports. If need be, post the topic in another section.

FireBlackDragon
newbie
Posts: 26
Registered: May 09
Gender: Male
Status: Offline

Re: Ports vs Registry

Post by FireBlackDragon » 19 May 2009 21:18

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\qmco.dll
c:\windows\system32\qmco.dll NOT unregistered.
File move failed. c:\windows\system32\qmco.dll scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\BLACKD~1\LOCALS~1\Temp\etilqs_bHCsGuzzNxMp0Iz scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BLACKD~1\LOCALS~1\Temp\etilqs_CcxfUfypdy3J7wH scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BLACKD~1\LOCALS~1\Temp\etilqs_laTAz5oSc8MPYdx scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BLACKD~1\LOCALS~1\Temp\Perflib_Perfdata_300.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\tmp00007731\tmp00000000 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_724.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05192009_211020

Files moved on Reboot...
DllUnregisterServer procedure not found in c:\windows\system32\qmco.dll
c:\windows\system32\qmco.dll NOT unregistered.
File move failed. c:\windows\system32\qmco.dll scheduled to be moved on reboot.
File C:\DOCUME~1\BLACKD~1\LOCALS~1\Temp\etilqs_bHCsGuzzNxMp0Iz not found!
File C:\DOCUME~1\BLACKD~1\LOCALS~1\Temp\etilqs_CcxfUfypdy3J7wH not found!
File C:\DOCUME~1\BLACKD~1\LOCALS~1\Temp\etilqs_laTAz5oSc8MPYdx not found!
File C:\DOCUME~1\BLACKD~1\LOCALS~1\Temp\Perflib_Perfdata_300.dat not found!
C:\WINDOWS\temp\tmp00007731\tmp00000000 moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_724.dat moved successfully.

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Ports vs Registry

Post by jaro3 » 19 May 2009 21:22

ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

Also paste the new HJT log.

FireBlackDragon
newbie
Posts: 26
Registered: May 09
Gender: Male
Status: Offline

Re: Ports vs Registry

Post by FireBlackDragon » 19 May 2009 21:24

Logfile of HijackThis v1.97.7
Scan saved at 21:19:29, on 19.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\AI Booster\OverClk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\program files\steam\steam.exe
C:\Documents and Settings\Black Dragon\Plocha\zaloha\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O9 - Extra button: BitComet (HKLM)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
O9 - Extra button: ICQ6 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ6 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8482354671

FireBlackDragon
newbie
Posts: 26
Registered: May 09
Gender: Male
Status: Offline

Re: Ports vs Registry

Post by FireBlackDragon » 19 May 2009 21:25

Can you advise me where to post the ports question, or whom to write to?

CZechBoY
Master Level 9.5
Posts: 8813
Registered: August 08
Location: Brno
Gender: Male
Status: Offline

Re: Ports vs Registry

Post by CZechBoY » 19 May 2009 21:27

That's some old HJT, isn't it? And it doesn't seem to be complete either.