Good day, thank you for your help. Here I am sending my log.
ComboFix 10-10-30.05 - Martin 31.10.2010 12:30:59.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.710 [GMT 1:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.
2010-10-31 08:07 . 2010-10-31 08:07 4526 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-10-30 16:32 . 2010-10-30 16:32 -------- d-----w- c:\program files\Realtek Sound Manager
2010-10-30 13:54 . 2010-10-30 13:54 -------- d-----w- c:\documents and settings\Martin\Application Data\Malwarebytes
2010-10-30 13:54 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 13:54 . 2010-10-30 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-30 13:54 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-28 07:55 . 2010-10-28 08:02 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-10-27 12:19 . 2010-10-29 19:35 -------- d-----w- c:\program files\Realtek
2010-10-27 12:19 . 2010-09-29 11:11 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-10-27 12:19 . 2006-02-07 13:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-10-27 12:19 . 2006-02-07 13:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-10-27 12:19 . 2006-02-07 13:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-10-27 12:19 . 2006-02-07 13:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-10-27 12:19 . 2005-11-13 21:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-10-27 12:19 . 2010-10-27 12:19 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-10-27 12:18 . 2010-10-27 12:18 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-10-26 20:03 . 2010-10-26 20:03 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-26 20:02 . 2010-10-26 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-10-26 20:02 . 2010-10-26 20:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-22 13:44 . 2010-10-22 13:44 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\The Lord of the Rings Online
2010-10-22 13:15 . 2010-10-22 13:15 -------- d-----w- c:\documents and settings\Martin\Application Data\Turbine
2010-10-22 13:14 . 2010-10-22 13:14 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\Turbine
2010-10-18 08:57 . 2010-10-18 09:13 2829 ----a-w- c:\windows\War3Unin.pif
2010-10-18 08:57 . 2010-10-18 09:13 139264 ----a-w- c:\windows\War3Unin.exe
2010-10-10 07:56 . 2010-10-10 07:56 -------- d-----w- c:\documents and settings\Martin\Application Data\LolClient
2010-10-10 06:45 . 2010-10-10 06:45 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\RapidSharing.eu
2010-10-10 06:12 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-10-10 06:12 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-10-10 06:12 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-10-10 06:12 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-10-10 06:12 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-10-09 16:18 . 2010-10-26 20:02 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\PMB Files
2010-10-09 16:17 . 2010-10-22 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-10-09 15:55 . 2010-10-09 15:55 -------- d-----w- c:\program files\Pando Networks
2010-10-09 10:52 . 2010-10-09 10:52 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\ESET
2010-10-09 10:50 . 2010-10-09 10:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-10-09 08:41 . 2010-10-09 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-09 07:51 . 2010-10-09 07:51 -------- d-----w- c:\documents and settings\Martin\Application Data\AVG10
2010-10-09 07:47 . 2010-10-09 07:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-09 07:46 . 2010-10-09 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-09 07:36 . 2010-10-09 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-09 07:22 . 2010-10-09 07:22 -------- d-----w- c:\documents and settings\Martin\Application Data\ESET
2010-10-09 07:21 . 2010-10-09 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-10-08 22:49 . 2010-10-08 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 17:47 . 2010-07-25 18:19 60416 ----a-w- c:\windows\ALCFDRTM.VER
2010-10-08 18:52 . 2010-09-14 15:06 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-09-13 14:27 . 2010-09-13 14:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-08-04 09:50 . 2010-08-04 09:50 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-08-03 11:28 . 2010-08-03 11:28 55256 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\programy\ESET Smart Security\egui.exe" [2010-08-12 2215064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^Warkeys Update.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\Warkeys Update.lnk
backup=c:\windows\pss\Warkeys Update.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\programy\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\programy\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2004-06-11 03:15 83968 ----a-r- c:\windows\system32\nvraidservice.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-07 21:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\programy\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Programy\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Hry\\World of Warcraft\\Launcher.exe"=
"c:\\Hry\\World of Warcraft\\Blizzard Updater.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56673:TCP"= 56673:TCP:Pando Media Booster
"56673:UDP"= 56673:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6984:TCP"= 6984:TCP:League of Legends Launcher
"6984:UDP"= 6984:UDP:League of Legends Launcher
"6928:TCP"= 6928:TCP:League of Legends Launcher
"6928:UDP"= 6928:UDP:League of Legends Launcher
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 15:27 25680]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.7.2010 18:47 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [15.8.2010 15:06 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R2 ekrn;ESET Service;c:\programy\ESET Smart Security\ekrn.exe [12.8.2010 13:16 810144]
R2 SbPF.Launcher;SbPF.Launcher;c:\programy\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\programy\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [15.8.2010 15:06 65576]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Martin\LOCALS~1\Temp\YXU4C.tmp --> c:\docume~1\Martin\LOCALS~1\Temp\YXU4C.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena\plugins\UI\safedrv.sys --> c:\programy\Garena\plugins\UI\safedrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=15183&l=dis
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\yfoqkveu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programy\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\programy\Opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\programy\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: c:\programy\Reader 9.0\Reader\browser\nppdf32.dll
---- FIREFOX POLICIES ----
c:\programy\Mozzilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programy\Mozzilla\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programy\Mozzilla\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programy\Mozzilla\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programy\Mozzilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programy\Mozzilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programy\Mozzilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programy\Mozzilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programy\Mozzilla\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programy\Mozzilla\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programy\Mozzilla\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\programy\Mozzilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-AVG9_TRAY - c:\programy\AVG\AVG9\avgtray.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-10-31 12:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Martin\LOCALS~1\Temp\YXU4C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-842925246-2000478354-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1332)
c:\windows\system32\msi.dll
.
Completion time: 2010-10-31 12:40:28
ComboFix-quarantined-files.txt 2010-10-31 11:40
Pre-Run: 37 494 886 400 bytes free
Post-Run: 38 071 308 288 bytes free
- - End Of File - - 7C82A35C93142332023654839E9BEFB8