ComboFix log; I also tried Avenger and it gives me this: 11:23:34: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
ComboFix 11-05-05.04 - Tonik 06.05.2011 10:31:45.9.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.152 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tonik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tonik\Plocha\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\docume~1\Tonik\LOCALS~1\Temp\Wpm.exe"
"c:\program files\eset\nodenable.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tonik\WINDOWS
c:\program files\Common Files\obacuv.db
c:\program files\Luxor 2
c:\program files\Luxor 2\wraperr.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMON
-------\Legacy_SSHNAS
-------\Legacy_VSDATANT
-------\Service_NOD32FiXTemDono
-------\Service_SSHNAS
-------\Service_vsdatant
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-06 do 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-06 06:40 . 2011-01-13 07:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-06 06:40 . 2011-01-13 07:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-06 06:40 . 2011-01-13 07:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-06 06:40 . 2011-01-13 07:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-06 06:40 . 2011-01-13 07:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-06 06:40 . 2011-01-13 07:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-06 06:40 . 2011-01-13 07:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-06 06:39 . 2011-01-13 07:47 38848 ----a-w- c:\windows\avastSS.scr
2011-05-06 06:39 . 2011-01-13 07:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-06 06:39 . 2011-05-06 06:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-05-05 16:41 . 2011-04-10 22:04 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C01F4EFA-F4A5-4664-9BAD-BD7ABBE6A2A5}\mpengine.dll
2011-05-04 15:27 . 2011-04-10 22:04 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-03 09:08 . 2011-05-03 09:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-05-03 08:04 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-03 08:01 . 2011-05-03 08:02 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-28 09:31 . 2011-04-28 09:39 -------- d-----w- c:\program files\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2008-06-23 21:04 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2002-09-20 16:04 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2002-09-20 15:41 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2002-09-20 16:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2002-09-20 16:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:08 . 2002-09-20 16:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 11:41 . 2008-06-23 21:20 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2002-08-28 23:59 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2001-10-25 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2001-10-25 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2002-09-20 16:04 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-09-20 16:03 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2001-10-25 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2001-10-25 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIARaidUtl"="c:\program files\VIA\RAID\raid_tool.exe" [2009-02-19 4918936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"nwiz"="nwiz.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
ZoneAlarm Pro.lnk - c:\program files\Zone Labs\ZoneAlarm\zapro.exe [2008-7-15 422984]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [4.8.2008 0:48 5248]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [24.6.2008 22:52 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [24.6.2008 22:52 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.5.2011 8:40 294608]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [30.10.2007 10:29 93336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.5.2011 8:40 17744]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3.6.2009 14:46 92008]
R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [16.11.2009 11:58 52888]
S1 MpKsl0f94dd75;MpKsl0f94dd75;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C01F4EFA-F4A5-4664-9BAD-BD7ABBE6A2A5}\MpKsl0f94dd75.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C01F4EFA-F4A5-4664-9BAD-BD7ABBE6A2A5}\MpKsl0f94dd75.sys [?]
S3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [12.2.2009 23:29 519680]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [4.8.2008 0:48 160640]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.5.2009 0:52 691696]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - VSDATANT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2010-08-28 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.
2011-05-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-05-06 c:\windows\Tasks\User_Feed_Synchronization-{900CBAD6-5DF5-4C07-8934-209E90828A2A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to AVI Converter... - c:\program files\MP3 Player Utilities 5.09\AVIConverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tonik\Data aplikací\Mozilla\Firefox\Profiles\7jrzywch.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-nodenable - c:\program files\eset\nodenable.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-06 10:59
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Peugeot 406 Mod]
"Install Dir"="c:\\Program Files\\Need For Speed Most Wanted"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2744)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\ZoneLabs\vsmon.exe
.
**************************************************************************
.
Celkový čas: 2011-05-06 11:06:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-06 09:06
ComboFix2.txt 2010-01-08 17:57
ComboFix3.txt 2008-08-28 17:24
ComboFix4.txt 2008-08-28 08:31
ComboFix5.txt 2011-05-06 08:17
.
Před spuštěním: Volných bajtů: 10 278 453 248
Po spuštění: Volných bajtů: 16 285 777 920
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
Current=2 Default=2 Failed=3 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 8D9B611F0E8B7F4CD87A811815CCE23B