So everything looks OK

Thank you very much indeed
Here is the log from Avenger
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\dokumenty\Administrator\Nabídka Start\Programy\Po spuštění\siszyd32.exe" replaced with dummy successfully.
Completed script processing.
*******************
Finished! Terminate.
And from ComboFix
ComboFix 10-01-04.01 - Administrator 11.01.2010 13:12:16.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.502.198 [GMT 1:00]
Spuštěný z: c:\dokumenty\Administrator\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-11 do 2010-01-11 )))))))))))))))))))))))))))))))
.
2010-01-11 06:49 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 06:49 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 06:49 . 2010-01-11 06:50 -------- d-----w- c:\programy\Malwarebytes' Anti-Malware
2010-01-11 06:44 . 2010-01-11 06:44 -------- d-----w- C:\_OTM
2010-01-04 08:34 . 2010-01-04 08:34 -------- d-sh--w- c:\dokumenty\Administrator\IECompatCache
2010-01-04 08:12 . 2010-01-04 08:12 -------- d-----w- c:\programy\ESET
2010-01-04 08:00 . 2010-01-04 08:00 -------- d-----w- c:\programy\winbox
2010-01-04 08:00 . 2010-01-04 08:00 -------- d-----w- c:\programy\putty
2010-01-04 07:57 . 2010-01-04 07:57 -------- d-----w- c:\programy\MSECache
2010-01-04 07:54 . 2010-01-04 07:54 -------- d-----w- c:\programy\Common Files\Adobe
2010-01-04 07:52 . 2010-01-04 07:52 -------- d-----w- c:\programy\7-Zip
2010-01-04 07:51 . 2007-10-15 10:16 196608 ----a-w- c:\windows\system32\bzpdf101.dll
2010-01-04 07:51 . 2005-09-08 00:03 86728 ----a-w- c:\windows\system32\msxml6r.dll
2010-01-04 07:51 . 2010-01-04 07:51 -------- d-----w- c:\programy\STORMWARE
2010-01-04 07:51 . 2005-09-08 00:03 1330888 ----a-w- c:\windows\system32\msxml6.dll
2010-01-04 07:51 . 2010-01-04 07:51 -------- d-----w- c:\programy\GPLGS
2009-12-24 10:56 . 2009-12-24 10:56 -------- d-sh--w- c:\dokumenty\Administrator\PrivacIE
2009-12-24 10:52 . 2009-12-24 10:52 -------- d-sh--w- c:\dokumenty\Administrator\IETldCache
2009-12-24 10:38 . 2009-12-24 10:38 -------- d-----w- c:\windows\ie8updates
2009-12-24 10:06 . 2009-12-24 10:34 -------- dc-h--w- c:\windows\ie8
2009-12-24 10:06 . 2009-12-24 10:19 -------- d-----w- c:\windows\system32\cs-CZ
2009-12-24 09:37 . 2009-10-29 07:43 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-24 09:37 . 2009-10-29 07:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-24 09:37 . 2009-10-29 07:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-24 09:36 . 2009-10-29 07:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-24 09:36 . 2009-10-29 07:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-24 09:36 . 2009-10-29 07:43 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-24 09:35 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-20 22:36 . 2009-12-20 22:36 -------- d-----w- c:\programy\iPod
2009-12-20 22:34 . 2009-12-20 22:39 -------- d-----w- c:\programy\iTunes
2009-12-20 22:27 . 2009-12-20 22:27 -------- d-----w- c:\programy\Bonjour
2009-12-20 22:16 . 2009-12-20 22:23 -------- d-----w- c:\programy\QuickTime
2009-12-20 21:50 . 2009-12-20 21:50 -------- d-----w- c:\programy\Apple Software Update
2009-12-20 19:53 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-20 19:53 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-20 19:53 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-20 19:53 . 2004-08-17 14:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-17 15:41 . 2010-01-11 07:36 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 12:13 . 2002-09-23 11:00 46394 ----a-w- c:\windows\system32\perfc005.dat
2010-01-11 12:13 . 2002-09-23 11:00 310228 ----a-w- c:\windows\system32\perfh005.dat
2010-01-10 17:41 . 2009-09-07 12:14 -------- d-----w- c:\programy\Mozilla Thunderbird
2010-01-07 09:18 . 2007-12-18 20:42 -------- d-----w- c:\programy\Common Files\PCSuite
2010-01-07 08:42 . 2008-10-29 09:55 -------- d-----w- c:\programy\LimeWire
2010-01-07 08:30 . 2007-12-18 20:42 -------- d-----w- c:\programy\Nokia
2010-01-07 08:20 . 2007-04-19 19:15 -------- d-----w- c:\programy\BearShare Applications
2010-01-04 08:10 . 2008-10-29 10:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-04 08:01 . 2010-01-04 08:01 -------- d-----w- c:\programy\kodeky
2010-01-04 07:49 . 2007-04-14 13:00 -------- d-----w- c:\programy\primopdf
2010-01-04 07:47 . 2007-04-14 12:58 -------- d-----w- c:\programy\DivX
2009-12-20 22:35 . 2007-12-18 23:05 -------- d-----w- c:\programy\Common Files\Apple
2009-12-11 18:00 . 2010-01-04 08:01 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-29 07:43 . 2006-12-16 16:55 916480 ------w- c:\windows\system32\wininet.dll
.
------- Sigcheck -------
[-] 2006-12-16 . A0A035949444D2984A63B08E05EF5EE1 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-07_11.28.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-09-23 11:00 . 2010-01-07 09:01 40326 c:\windows\system32\perfc009.dat
+ 2002-09-23 11:00 . 2010-01-11 12:13 40326 c:\windows\system32\perfc009.dat
- 2009-12-17 15:41 . 2009-12-17 15:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-11 07:35 . 2010-01-11 07:35 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-17 15:41 . 2010-01-11 07:35 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-12-17 15:41 . 2009-12-17 15:41 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2002-09-23 11:00 . 2010-01-11 12:13 311938 c:\windows\system32\perfh009.dat
- 2002-09-23 11:00 . 2010-01-07 09:01 311938 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\programy\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\programy\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-11 1236992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"LManager"="c:\programy\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"NSLauncher"="c:\programy\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]
"QuickTime Task"="c:\programy\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programy\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programy\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\programy\Java\jre6\bin\jusched.exe" [2010-01-04 149280]
"egui"="c:\programy\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\dokumenty\Administrator\Nabídka Start\Programy\Po spuštění\
siszyd32.exe [2010-1-11 0]
c:\dokumenty\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\programy\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\programy\\LimeWire\\LimeWire.exe"=
"c:\\programy\\ICQ6.5\\ICQ.exe"=
"c:\\programy\\ORmanager\\ORmanager.exe"=
"c:\\programy\\Bonjour\\mDNSResponder.exe"=
"c:\\programy\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;c:\programy\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
S2 gupdate1ca0983e64f85dc;Služba Google Update (gupdate1ca0983e64f85dc);c:\programy\Google\Update\GoogleUpdate.exe [20.7.2009 22:49 133104]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programy\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\programy\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\programy\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\dokumenty\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0epiv8ua.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
---- NASTAVENÍ FIREFOXU ----
c:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 13:18
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-746137067-1770027372-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,61,09,8f,d2,ca,d6,4f,8a,6c,b2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,61,09,8f,d2,ca,d6,4f,8a,6c,b2,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2736)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-01-11 13:21:01
ComboFix-quarantined-files.txt 2010-01-11 12:20
ComboFix2.txt 2010-01-11 11:58
ComboFix3.txt 2010-01-07 11:36
Před spuštěním: Volných bajtů: 82 670 964 736
Po spuštění: Volných bajtů: 82 638 143 488
- - End Of File - - 60730AB34E84E93467C4EAB476E4722D