Please check my log
Posted: 28 Mar 2009 21:00
ComboFix 09-03-27.02 - Lenka 2009-03-28 20:28:45.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.502.146 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lenka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090327-0] *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Lenka\Data aplikací\wiaserva.log
c:\documents and settings\Lenka\Lenka.exe
c:\windows\system32\digeste.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_PCIDump
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-28 do 2009-03-28 )))))))))))))))))))))))))))))))
.
2009-03-28 08:16 . 2005-01-23 12:37 <DIR> d-------- c:\documents and settings\Administrator\Plocha
2009-03-28 08:16 . 2005-01-23 12:37 <DIR> d--h----- c:\documents and settings\Administrator\Okolní tiskárny
2009-03-28 08:16 . 2005-01-23 12:37 <DIR> d--h----- c:\documents and settings\Administrator\Okolní síť
2009-03-28 08:16 . 2005-01-23 12:52 <DIR> dr------- c:\documents and settings\Administrator\Oblíbené položky
2009-03-28 08:16 . 2005-01-23 12:37 <DIR> d--h----- c:\documents and settings\Administrator\Šablony
2009-03-28 08:16 . 2005-01-23 12:37 <DIR> dr------- c:\documents and settings\Administrator\Nabídka Start
2009-03-28 08:16 . 2005-01-23 12:52 <DIR> dr------- c:\documents and settings\Administrator\Dokumenty
2009-03-28 08:16 . 2005-01-23 12:37 <DIR> dr-h----- c:\documents and settings\Administrator\Data aplikací
2009-03-28 08:16 . 2009-03-28 08:16 <DIR> d-------- c:\documents and settings\Administrator
2009-03-28 07:47 . 2009-03-28 07:48 17,920 --a------ c:\windows\system32\mmmtjstj.dll
2009-03-25 19:10 . 2008-06-14 18:35 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-03-25 19:08 . 2008-08-14 14:26 2,191,360 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-25 19:08 . 2008-08-14 14:26 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-25 19:08 . 2008-08-14 14:26 2,068,224 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-25 19:08 . 2008-08-14 14:26 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-25 19:08 . 2008-04-11 20:06 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-03-25 19:08 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-25 19:08 . 2008-10-15 17:38 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-03-25 19:08 . 2008-12-11 11:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-03-25 19:08 . 2008-05-08 15:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2009-03-25 17:08 . 2009-03-25 17:08 <DIR> d-------- c:\windows\system32\cs
2009-03-25 17:08 . 2009-03-25 17:08 <DIR> d-------- c:\windows\system32\bits
2009-03-25 17:08 . 2009-03-25 17:08 <DIR> d-------- c:\windows\l2schemas
2009-03-25 17:05 . 2009-03-25 17:05 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-25 16:53 . 2009-03-25 16:53 <DIR> d-------- c:\windows\EHome
2009-03-18 17:46 . 2009-03-18 17:46 <DIR> d-------- c:\program files\Čistič
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 11:34 --------- d-----w c:\program files\GRETECH
2009-02-25 11:34 --------- d-----w c:\documents and settings\Lenka\Data aplikací\GRETECH
2009-02-25 11:34 --------- d-----w c:\documents and settings\Lenka\Data aplikací\GRETECH
2009-02-25 11:34 --------- d-----w c:\documents and settings\Lenka\Data aplikací\GRETECH
2009-02-10 20:35 --------- d-----w c:\documents and settings\Lenka\Data aplikací\Apple Computer
2009-02-10 20:35 --------- d-----w c:\documents and settings\Lenka\Data aplikací\Apple Computer
2009-02-10 20:35 --------- d-----w c:\documents and settings\Lenka\Data aplikací\Apple Computer
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:07 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-16 20:30 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2007-11-23 17:07 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2007-11-23 16:52 22,625,064 ----a-w c:\program files\SkypeSetup.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-06 24095528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-19 1188456]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-19 1962896]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"RemoteControl"="d:\programy\Power DVD\PDVDServ.exe" [2004-11-02 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"MysMas1"="c:\program files\Petit\MysMas1\MysMas1.exe" [2004-01-13 411136]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-11-07 54576]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 618557]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\mmmhdvhw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\OLYMPUS\\OLYMPUS Master 2\\MMonitor.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\WINDOWS\\SoftwareDistribution\\Download\\8fb85d68ee3649be8b622da7b69408ee\\update\\update.exe"=
"c:\\WINDOWS\\System32\\shmgrate.exe"=
"c:\\Program Files\\Petit\\MysMas1\\MysMas1.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\OpenOffice.org 2.3\\program\\soffice.exe"=
"c:\\Program Files\\OpenOffice.org 2.3\\program\\soffice.BIN"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=
"c:\\WINDOWS\\System32\\dwwin.exe"=
"c:\\WINDOWS\\System32\\drwtsn32.exe"=
"c:\\WINDOWS\\system32\\ssstars.scr"=
"c:\\WINDOWS\\system32\\igfxext.exe"=
"c:\\Program Files\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"=
"c:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe"=
"c:\\Program Files\\Acronis\\TrueImageHome\\TimounterMonitor.exe"=
"d:\\Programy\\Power DVD\\PDVDServ.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"=
"c:\\Program Files\\Common Files\\Nero\\Lib\\NMBgMonitor.exe"=
"c:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe"=
"c:\\Documents and Settings\\Lenka\\Local Settings\\Temp\\RtkBtMnt.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\WINDOWS\\System32\\netsh.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTStackServer.exe"=
"c:\\WINDOWS\\System32\\taskmgr.exe"=
"c:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\Launch Manager\\LManager.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-27 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-27 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2007-09-06 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2007-09-06 78208]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2008-04-13 6852]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 fips32cup;fips32cup;\??\c:\windows\system32\drivers\fips32cup.sys --> c:\windows\system32\drivers\fips32cup.sys [?]
S2 i386si;i386si;\??\c:\windows\system32\drivers\i386si.sys --> c:\windows\system32\drivers\i386si.sys [?]
S2 ksi32sk;ksi32sk;\??\c:\windows\system32\drivers\ksi32sk.sys --> c:\windows\system32\drivers\ksi32sk.sys [?]
S2 netsik;netsik;\??\c:\windows\system32\drivers\netsik.sys --> c:\windows\system32\drivers\netsik.sys [?]
S2 nicsk32;nicsk32;\??\c:\windows\system32\drivers\nicsk32.sys --> c:\windows\system32\drivers\nicsk32.sys [?]
S2 port135sik;port135sik;\??\c:\windows\system32\drivers\port135sik.sys --> c:\windows\system32\drivers\port135sik.sys [?]
S2 securentm;securentm;\??\c:\windows\system32\drivers\securentm.sys --> c:\windows\system32\drivers\securentm.sys [?]
S2 systemntmi;systemntmi;\??\c:\windows\system32\drivers\systemntmi.sys --> c:\windows\system32\drivers\systemntmi.sys [?]
S2 ws2_32sik;ws2_32sik;\??\c:\windows\system32\drivers\ws2_32sik.sys --> c:\windows\system32\drivers\ws2_32sik.sys [?]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Lenka - c:\documents and settings\Lenka\Lenka.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 20:32:43
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\relog_ap.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\docume~1\Lenka\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2009-03-28 20:34:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-28 19:34:38
Před spuštěním: Volných bajtů: 43 507 449 856
Po spuštění: Volných bajtů: 43,431,297,024
232 --- E O F --- 2009-03-25 19:16:12