
ctfmon.exe

Have a problem with a virus? Post a log from FRST or RSIT here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will threads that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

martin1973
Guest
Posts: 194
Registered: 13 Jan 2010 23:10

ctfmon.exe

#1 Post by martin1973 »

VirusTotal found a virus in it :twisted: I read that it is part of Windows, the language switcher, and I don't know how to remove it if it really is a virus.
Current status: finished
Result: 1/41 (2.44%)
Antivirus Version Last Update Result
a-squared 4.5.0.48 2010.01.14 -
AhnLab-V3 5.0.0.2 2010.01.13 -
AntiVir 7.9.1.134 2010.01.13 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.13 -
Avast 4.8.1351.0 2010.01.13 -
AVG 9.0.0.725 2010.01.14 -
BitDefender 7.2 2010.01.14 -
CAT-QuickHeal 10.00 2010.01.13 -
ClamAV 0.94.1 2010.01.13 -
Comodo 3574 2010.01.14 -
DrWeb 5.0.1.12222 2010.01.14 -
eSafe 7.0.17.0 2010.01.13 Win32.Banker
eTrust-Vet 35.2.7235 2010.01.13 -
F-Prot 4.5.1.85 2010.01.13 -
F-Secure 9.0.15370.0 2010.01.14 -
Fortinet 4.0.14.0 2010.01.14 -
GData 19 2010.01.14 -
Ikarus T3.1.1.80.0 2010.01.14 -
Jiangmin 13.0.900 2010.01.13 -
K7AntiVirus 7.10.946 2010.01.13 -
Kaspersky 7.0.0.125 2010.01.14 -
McAfee 5860 2010.01.13 -
McAfee+Artemis 5860 2010.01.13 -
McAfee-GW-Edition 6.8.5 2010.01.13 -
Microsoft 1.5302 2010.01.14 -
NOD32 4769 2010.01.13 -
Norman 6.04.03 2010.01.13 -
nProtect 2009.1.8.0 2010.01.13 -
Panda 10.0.2.2 2010.01.13 -
PCTools 7.0.3.5 2010.01.14 -
Prevx 3.0 2010.01.14 -
Rising 22.30.03.01 2010.01.14 -
Sophos 4.49.0 2010.01.14 -
Sunbelt 3.2.1858.2 2010.01.14 -
Symantec 20091.2.0.41 2010.01.14 -
TheHacker 6.5.0.3.149 2010.01.14 -
TrendMicro 9.120.0.1004 2010.01.13 -
VBA32 3.12.12.1 2010.01.14 -
ViRobot 2010.1.13.2134 2010.01.13 -
VirusBuster 5.0.21.0 2010.01.13 -
Additional information
File size: 15360 bytes
MD5 : 5f1d5f88303d4a4dbc8e5f97ba967cc3
SHA1 : 99cb7370f16773c8e2d0c86fe805ec638ab126e9
SHA256: 5fb24fc7916a6e6b3be7d84cb1684215b266cd1495575c2e5672b8447932e5b1
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2E35
timedatestamp.....: 0x48025356 (Sun Apr 13 20:39:18 2008)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2AB8 0x2C00 6.75 414ce647d4328e7513d4155b1a2c9499
.data 0x4000 0x210 0x200 1.07 bd8c5cd346a9f53dc0dbc69260ab2240
.rsrc 0x5000 0x870 0xA00 3.85 421ca88053c2138f828a915f2a95d754

( 0 imports )


( 0 exports )
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx ... 97ba967cc3
ssdeep: 192:W6hGoc4F/MNhlYWpjZ+o7NpO7MIl8SVPTI7mW7rOi7oLG9lMnjmxAITljrUFE3W3:FA1Eo7NY8MPTIaW7/lumxlJlWDlgW
PEiD : -
RDS : NSRL Reference Data Set
-


And I am attaching the RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Martin Cigas at 2010-01-14 15:57:49
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (37%) free of 30 GB
Total RAM: 767 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:54, on 14.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVerTV\QuickTV.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Inštalačky\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Martin Cigas.exe

R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c9dfcc5ef5a890) (gupdate1c9dfcc5ef5a890) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8033 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-09 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-16 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-12 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-09 259696]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2009-07-02 2215960]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2005-04-26 589824]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-04-23 1817600]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2003-10-07 548864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 393216]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2009-04-17 95536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-12 39408]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
QuickTV.lnk - C:\Program Files\AVerTV\QuickTV.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cb8abde-303f-11de-9348-806d6172696f}]
shell\AutoRun\command - J:\PlayDiskStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9c6e1cc-f17a-11de-83ab-001bfc5d8e9c}]
shell\AutoRun\command - u16sqrqn.exe
shell\open\command - u16sqrqn.exe


======List of files/folders created in the last 1 months======

2010-01-14 15:30:03 ----D---- C:\MFT 63602
2010-01-13 22:14:48 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\Malwarebytes
2010-01-13 22:14:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-13 22:14:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-13 20:21:47 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-01-13 16:10:52 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2010-01-13 16:10:51 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2010-01-13 16:10:50 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\TuneUp Software
2010-01-13 16:10:07 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2010-01-13 16:09:52 ----D---- C:\Program Files\TuneUp Utilities 2008
2010-01-13 16:08:39 ----HDC---- C:\Documents and Settings\All Users\Application Data\{2ED41547-5A7F-4053-A4FA-85191D5B11F9}
2010-01-13 16:08:26 ----D---- C:\Program Files\Lavasoft
2010-01-13 16:08:26 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-01-13 14:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 14:40:00 ----A---- C:\WINDOWS\imsins.BAK
2010-01-13 14:39:56 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 17:05:16 ----D---- C:\Program Files\Common Files\TV
2010-01-12 17:05:11 ----D---- C:\Program Files\AVerTV
2010-01-10 20:46:03 ----D---- C:\Program Files\Ubi Soft
2010-01-10 08:22:14 ----D---- C:\rsit
2009-12-28 11:46:13 ----D---- C:\Program Files\iTeddy File Converter
2009-12-27 17:01:41 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\Media Player Classic
2009-12-25 18:25:29 ----A---- C:\WINDOWS\MediaManager.INI
2009-12-25 10:36:48 ----SHD---- C:\WINDOWS\ftpcache
2009-12-25 10:36:18 ----A---- C:\WINDOWS\compedia.ini
2009-12-25 10:36:16 ----D---- C:\Documents and Settings\All Users\Application Data\Compedia
2009-12-25 10:06:17 ----A---- C:\WINDOWS\Star Assault Uninstaller.exe
2009-12-25 10:05:49 ----D---- C:\Program Files\Star Assault
2009-12-24 21:37:16 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\DisneyMagicEnglish
2009-12-24 21:36:47 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-12-18 22:08:21 ----D---- C:\Program Files\Buena Vista Games
2009-12-15 16:08:27 ----D---- C:\WINDOWS\Minidump

======List of files/folders modified in the last 1 months======

2010-01-14 15:36:39 ----SD---- C:\WINDOWS\Tasks
2010-01-14 15:36:39 ----D---- C:\WINDOWS\Temp
2010-01-14 15:18:19 ----D---- C:\Program Files\Mozilla Firefox
2010-01-14 15:17:36 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\Skype
2010-01-14 15:16:15 ----A---- C:\WINDOWS\AVerTV.ini
2010-01-14 15:11:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 14:25:31 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\Spyware Terminator
2010-01-14 14:24:58 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\skypePM
2010-01-13 22:51:19 ----D---- C:\WINDOWS\system32\drivers
2010-01-13 22:51:19 ----D---- C:\WINDOWS\RegisteredPackages
2010-01-13 22:50:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-13 22:14:35 ----RD---- C:\Program Files
2010-01-13 20:21:47 ----D---- C:\WINDOWS\system32
2010-01-13 16:18:48 ----AD---- C:\WINDOWS
2010-01-13 16:15:47 ----HD---- C:\WINDOWS\inf
2010-01-13 16:15:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-13 16:10:54 ----SHD---- C:\WINDOWS\Installer
2010-01-13 16:10:38 ----HD---- C:\Config.Msi
2010-01-13 16:09:07 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-13 16:08:22 ----D---- C:\WINDOWS\WinSxS
2010-01-13 15:47:45 ----D---- C:\WINDOWS\AppPatch
2010-01-13 14:40:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 14:40:03 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 01:48:50 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\Vso
2010-01-12 21:51:08 ----D---- C:\WINDOWS\Prefetch
2010-01-12 17:05:39 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-12 17:05:16 ----D---- C:\Program Files\Common Files
2010-01-12 17:04:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-12 17:03:50 ----A---- C:\WINDOWS\system32\Prop7134.dll
2010-01-12 17:03:49 ----A---- C:\WINDOWS\system32\34com.dll
2010-01-12 17:03:49 ----A---- C:\WINDOWS\system32\34api.dll
2010-01-12 16:12:44 ----D---- C:\Program Files\Spyware Terminator
2010-01-11 20:46:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-01-11 20:40:40 ----D---- C:\WINDOWS\system32\config
2010-01-11 20:40:24 ----D---- C:\WINDOWS\system32\wbem
2010-01-11 20:40:23 ----D---- C:\WINDOWS\Registration
2010-01-11 20:40:13 ----D---- C:\Program Files\Opera
2010-01-11 20:04:02 ----D---- C:\Program Files\BS_Player
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-27 17:02:00 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-24 21:36:42 ----A---- C:\WINDOWS\disney.ini
2009-12-24 21:35:57 ----D---- C:\Program Files\Disney Interactive
2009-12-22 19:22:13 ----A---- C:\WINDOWS\disneysy.ini
2009-12-22 19:11:59 ----D---- C:\Program Files\GP Vs Superbike
2009-12-22 19:11:35 ----D---- C:\Program Files\FoxJones
2009-12-22 18:21:26 ----D---- C:\WINDOWS\system32\Restore
2009-12-21 20:54:01 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon); C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2010-01-12 346304]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-04-18 805440]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 PhTVTune;Cap7134 TVTuner; C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2010-01-12 54304]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2003-10-07 896562]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2002-11-14 10496]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-12 41984]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-09-27 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-09-27 25512]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-06-19 47360]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\sony_ssm.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-28 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-25 6912]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-13 1181328]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-04-23 606720]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2009-08-16 225280]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 gupdate1c9dfcc5ef5a890;Služba Google Update (gupdate1c9dfcc5ef5a890); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-28 133104]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-12 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-01-13 355584]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119359
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: ctfmon.exe

#2 Post by Rudy »

Only eSafe identified it as a virus, and that is a fairly insignificant antivirus. I think this is a false positive. That does not mean I am claiming the PC is clean, though. Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

Sit back and make yourself a coffee (the whole operation takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted collisions with the resident antispyware.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

martin1973
Guest
Posts: 194
Joined: 13 Jan 2010 23:10

Re: ctfmon.exe

#3 Post by martin1973 »

ComboFix 10-01-14.01 - Martin Cigas 14.01.2010 21:15:07.1.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.767.394 [GMT 1:00]
Running from: c:\documents and settings\Martin Cigas\My Documents\Preberanie\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100114-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Martin Cigas\Application Data\inst.exe
c:\windows\system32\34api.dll
c:\windows\system32\34com.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GLAIDE32


((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 17:14 . 2010-01-14 17:14 -------- d-----w- c:\program files\sunmedia
2010-01-14 14:30 . 2010-01-14 14:30 -------- d-----w- C:\MFT 63602
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Malwarebytes
2010-01-13 21:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-13 21:14 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 15:10 . 2008-05-29 08:28 28416 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-13 15:10 . 2010-01-13 15:10 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-13 15:10 . 2010-01-13 15:10 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\TuneUp Software
2010-01-13 15:10 . 2010-01-13 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-01-13 15:09 . 2010-01-13 15:10 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-01-13 15:08 . 2010-01-14 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-13 11:56 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 16:05 . 2010-01-12 16:05 -------- d-----w- c:\program files\Common Files\TV
2010-01-12 16:05 . 2010-01-14 20:21 -------- d-----w- c:\program files\AVerTV
2010-01-11 19:40 . 2010-01-11 19:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-10 19:46 . 2010-01-10 19:46 -------- d-----w- c:\program files\Ubi Soft
2010-01-10 07:22 . 2010-01-10 07:22 -------- d-----w- C:\rsit
2009-12-28 10:46 . 2009-12-28 10:46 -------- d-----w- c:\program files\iTeddy File Converter
2009-12-27 16:01 . 2009-12-27 16:01 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Media Player Classic
2009-12-26 21:05 . 2009-12-23 16:56 52224 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
2009-12-26 21:05 . 2009-12-23 16:56 101376 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
2009-12-25 17:30 . 2009-12-25 17:29 36 ----a-w- C:\mediamp3.dat
2009-12-25 09:36 . 2009-12-25 09:36 -------- d-sh--w- c:\windows\ftpcache
2009-12-25 09:36 . 2009-12-25 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Compedia
2009-12-25 09:06 . 2009-12-25 09:06 160695 ----a-w- c:\windows\Star Assault Uninstaller.exe
2009-12-25 09:05 . 2009-12-25 09:06 -------- d-----w- c:\program files\Star Assault
2009-12-24 20:37 . 2009-12-24 21:44 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\DisneyMagicEnglish
2009-12-24 20:36 . 2010-01-05 15:23 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-12-18 21:08 . 2009-12-18 21:08 -------- d-----w- c:\program files\Buena Vista Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 20:22 . 2009-04-23 19:14 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Skype
2010-01-14 20:07 . 2009-04-23 19:16 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\skypePM
2010-01-14 19:58 . 2009-04-23 19:12 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Spyware Terminator
2010-01-13 15:09 . 2009-06-07 20:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-13 00:48 . 2009-06-19 10:50 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Vso
2010-01-12 16:05 . 2009-04-23 18:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-12 16:03 . 2009-12-14 15:32 110592 ----a-w- c:\windows\system32\Prop7134.dll
2010-01-12 16:03 . 2009-12-14 15:32 54304 ----a-w- c:\windows\system32\drivers\PhTVTune.sys
2010-01-12 16:03 . 2009-12-14 15:32 346304 ----a-w- c:\windows\system32\drivers\Cap7134.sys
2010-01-12 15:12 . 2009-04-23 19:12 -------- d-----w- c:\program files\Spyware Terminator
2010-01-11 19:46 . 2009-04-23 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-01-11 19:40 . 2009-04-23 20:40 -------- d-----w- c:\program files\Opera
2010-01-11 19:04 . 2009-10-11 07:36 -------- d-----w- c:\program files\BS_Player
2009-12-24 20:35 . 2009-11-30 16:04 -------- d-----w- c:\program files\Disney Interactive
2009-12-24 12:00 . 2010-01-11 19:38 142576 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1051.dat
2009-12-22 18:11 . 2009-10-16 17:07 -------- d-----w- c:\program files\GP Vs Superbike
2009-12-22 18:11 . 2009-10-14 14:37 -------- d-----w- c:\program files\FoxJones
2009-12-15 17:00 . 2009-04-23 18:30 19080 ----a-w- c:\documents and settings\Martin Cigas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-29 07:10 . 2009-11-28 17:05 -------- d-----w- c:\program files\CDBurnerXP
2009-11-28 17:05 . 2009-11-28 17:05 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Canneverbe_Limited
2009-11-28 17:05 . 2009-11-28 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-11-28 17:00 . 2009-11-28 17:00 -------- d-----w- c:\program files\MSBuild
2009-11-28 17:00 . 2009-11-28 17:00 -------- d-----w- c:\program files\Reference Assemblies
2009-11-28 07:38 . 2009-11-26 17:52 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 07:37 . 2009-04-23 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-11-28 07:37 . 2009-04-23 20:00 -------- d-----w- c:\program files\Nero
2009-11-26 21:26 . 2009-11-26 18:09 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Nero
2009-11-26 21:26 . 2009-11-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-11-24 23:54 . 2009-08-30 11:50 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-08-30 11:50 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-08-30 11:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-08-30 11:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-08-30 11:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-08-30 11:50 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-08-30 11:50 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-08-30 11:50 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-08-30 11:50 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 18:14 . 2009-06-19 10:50 47360 ----a-w- c:\documents and settings\Martin Cigas\Application Data\pcouffin.sys
2009-11-17 18:14 . 2009-06-19 10:50 47360 ----a-w- c:\documents and settings\Martin Cigas\Application Data\pcouffin.sys
2009-11-04 14:41 . 2009-11-04 14:41 152576 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 05:38 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-02-28 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 07:34 . 2006-02-28 12:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-06-20 19:47 . 2009-06-20 19:47 48 --sha-w- c:\windows\S5E9D9D73.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-12 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-23 1817600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SMSERIAL"="sm56hlpr.exe" [2003-10-07 548864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickTV.lnk - c:\program files\AVerTV\QuickTV.exe [2005-2-16 401408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30.8.2009 12:50 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23.4.2009 20:12 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.8.2009 12:50 20560]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [14.12.2009 16:32 54304]
S2 gupdate1c9dfcc5ef5a890;Služba Google Update (gupdate1c9dfcc5ef5a890);c:\program files\Google\Update\GoogleUpdate.exe [28.5.2009 20:41 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [27.9.2009 12:28 13224]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 19:41]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 19:41]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
FF - ProfilePath - c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - component: c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 21:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1432)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\RunDll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\sm56hlpr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\UAService7.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-01-14 21:25:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-14 20:25

Pre-Run: 11 936 153 600 bytes free
Post-Run: 11 871 588 352 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 2BCD1A13EDB606C88AC6E506D05084B9

Rudy
Site Admin
Posts: 119359
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: ctfmon.exe

#4 Post by Rudy »

Let's finish cleaning up. Open Notepad and copy the following into it:
Collect::
c:\windows\S5E9D9D73.tmp

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9c6e1cc-f17a-11de-83ab-001bfc5d8e9c}]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

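An added example, not code from the thread, from ComboFix or from the forum's own tooling, that automates the two judgement calls Rudy makes in posts #2 and #4 above. It parses the REGEDIT4-style "Reg Loading Points" block that ComboFix prints, flags autorun entries the way a helper does by hand (a bare filename such as sm56hlpr.exe that Windows resolves through the search path, a binary started from a user-profile directory, a search hook/BHO/toolbar CLSID, a file in c:\windows or system32 that is not on an allowlist or whose size disagrees with it), and drafts the Collect::/Registry:: CFScript that post #4 asks the user to write. The SAMPLE block is trimmed from the log quoted earlier in this thread; the KNOWN_GOOD table (ctfmon.exe at 15360 bytes, the size shown in that log) is a stand-in for a real allowlist of hashes, and the Entry, triage and build_cfscript names are this example's own.

```python
"""Triage ComboFix 'Reg Loading Points' entries and draft a CFScript.

Added example for this thread; not ComboFix code and not the forum's tooling.
Parses the REGEDIT4-style block ComboFix prints ("name"="path" [date size]),
scores each autorun entry with the heuristics a helper applies by hand, and
emits the Collect::/Registry:: sections of a CFScript for items to act on.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines trimmed from the ComboFix log quoted in this thread.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SMSERIAL"="sm56hlpr.exe" [2003-10-07 548864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]
'''

KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]*)\]\s*$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]*)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$'
)

# Assumed allowlist for the demo: basename -> expected size in bytes. The
# ctfmon.exe value is the size ComboFix printed in the log above; a real
# allowlist would hold SHA-256 hashes or Authenticode signer names, not sizes.
KNOWN_GOOD = {"ctfmon.exe": 15360}
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32")
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")
BROWSER_KEYS = ("urlsearchhooks", "browser helper objects", "\\toolbar")


@dataclass
class Entry:
    key: str    # registry key the value lives under
    name: str   # value name (or CLSID for browser add-ons)
    path: str   # command/path as recorded in the registry
    date: str   # file date ComboFix printed
    size: int   # file size in bytes ComboFix printed


def parse_reg_points(text):
    """Turn the 'Reg Loading Points' block into Entry objects, keyed by the enclosing [key]."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group("key")
        elif key is not None and (m := ENTRY_RE.match(line)):
            entries.append(Entry(key, m["name"], m["path"], m["date"], int(m["size"])))
    return entries


def triage(entry):
    """Return (severity, reasons): severity is 'high', 'review' or 'none'."""
    reasons = []
    path = entry.path.lower()
    folder, _, base = path.rpartition("\\")   # folder is '' for a bare filename
    if "\\" not in path:
        reasons.append("bare_name: resolved through the search path; confirm where the binary really lives")
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("user_writable: autorun from a user-profile directory")
    if any(k in entry.key.lower() for k in BROWSER_KEYS):
        reasons.append("browser_addon: search hook/BHO/toolbar, typically adware-grade")
    if folder in SYSTEM_DIRS:
        expected = KNOWN_GOOD.get(base)
        if expected is None:
            reasons.append("system_dir_unknown: not on the allowlist; verify hash against a clean copy")
        elif expected != entry.size:
            reasons.append(f"size_mismatch: allowlist says {expected} bytes, log shows {entry.size}")
    if any(r.startswith(("user_writable", "size_mismatch")) for r in reasons):
        return "high", reasons
    return ("review" if reasons else "none"), reasons


def build_cfscript(collect=(), delete_keys=()):
    """Draft a CFScript: Collect:: quarantines files, [-key] under Registry:: deletes a key."""
    sections = []
    if collect:
        sections.append("Collect::\n" + "\n".join(collect))
    if delete_keys:
        sections.append("Registry::\n" + "\n".join(f"[-{k}]" for k in delete_keys))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    for e in parse_reg_points(SAMPLE):
        severity, why = triage(e)
        print(f"{severity:6} {e.name:45} {e.path}")
        for r in why:
            print(f"       - {r}")
    # The two targets from post #4, rendered in CFScript form.
    print(build_cfscript(
        ["c:\\windows\\S5E9D9D73.tmp"],
        ["HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer"
         "\\mountpoints2\\{d9c6e1cc-f17a-11de-83ab-001bfc5d8e9c}"]))
```

The single-engine eSafe hit is consistent with what the triage returns: ctfmon.exe sits in system32 under HKEY_USERS\.DEFAULT\...\Run at the expected size, so no heuristic fires, while the bare SMSERIAL entry and the BS_Player search hook come back for review. A size match is only a stand-in; before calling a system file clean, compare its SHA-256 or Authenticode signature against a copy from install media or a known-clean machine. When a CFScript is used, confirm it was actually consumed: ComboFix echoes the path on its "Command switches used" line, and the second log below shows CFscript.txt.lnk (a shortcut) being passed while c:\windows\S5E9D9D73.tmp is still listed in the Find3M report.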

martin1973
Guest
Posts: 194
Joined: 13 Jan 2010 23:10

Re: ctfmon.exe

#5 Post by martin1973 »

ComboFix 10-01-14.02 - Martin Cigas 14.01.2010 22:30:25.2.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.767.315 [GMT 1:00]
Running from: c:\documents and settings\Martin Cigas\My Documents\Preberanie\ComboFix.exe
Command switches used :: c:\documents and settings\Martin Cigas\Desktop\CFscript.txt.lnk
AV: avast! antivirus 4.8.1368 [VPS 100114-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 17:14 . 2010-01-14 17:14 -------- d-----w- c:\program files\sunmedia
2010-01-14 14:30 . 2010-01-14 14:30 -------- d-----w- C:\MFT 63602
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Malwarebytes
2010-01-13 21:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-13 21:14 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 15:10 . 2008-05-29 08:28 28416 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-13 15:10 . 2010-01-13 15:10 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-13 15:10 . 2010-01-13 15:10 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\TuneUp Software
2010-01-13 15:10 . 2010-01-13 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-01-13 15:09 . 2010-01-13 15:10 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-01-13 15:08 . 2010-01-14 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-13 11:56 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 16:05 . 2010-01-12 16:05 -------- d-----w- c:\program files\Common Files\TV
2010-01-12 16:05 . 2010-01-14 20:21 -------- d-----w- c:\program files\AVerTV
2010-01-11 19:40 . 2010-01-11 19:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-10 19:46 . 2010-01-10 19:46 -------- d-----w- c:\program files\Ubi Soft
2010-01-10 07:22 . 2010-01-10 07:22 -------- d-----w- C:\rsit
2009-12-28 10:46 . 2009-12-28 10:46 -------- d-----w- c:\program files\iTeddy File Converter
2009-12-27 16:01 . 2009-12-27 16:01 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Media Player Classic
2009-12-26 21:05 . 2009-12-23 16:56 52224 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
2009-12-26 21:05 . 2009-12-23 16:56 101376 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
2009-12-25 17:30 . 2009-12-25 17:29 36 ----a-w- C:\mediamp3.dat
2009-12-25 09:36 . 2009-12-25 09:36 -------- d-sh--w- c:\windows\ftpcache
2009-12-25 09:36 . 2009-12-25 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Compedia
2009-12-25 09:06 . 2009-12-25 09:06 160695 ----a-w- c:\windows\Star Assault Uninstaller.exe
2009-12-25 09:05 . 2009-12-25 09:06 -------- d-----w- c:\program files\Star Assault
2009-12-24 20:37 . 2009-12-24 21:44 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\DisneyMagicEnglish
2009-12-24 20:36 . 2010-01-05 15:23 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-12-18 21:08 . 2009-12-18 21:08 -------- d-----w- c:\program files\Buena Vista Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 21:35 . 2009-04-23 19:14 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Skype
2010-01-14 20:26 . 2009-04-23 19:12 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Spyware Terminator
2010-01-14 20:07 . 2009-04-23 19:16 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\skypePM
2010-01-13 15:09 . 2009-06-07 20:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-13 00:48 . 2009-06-19 10:50 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Vso
2010-01-12 16:05 . 2009-04-23 18:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-12 16:03 . 2009-12-14 15:32 110592 ----a-w- c:\windows\system32\Prop7134.dll
2010-01-12 16:03 . 2009-12-14 15:32 54304 ----a-w- c:\windows\system32\drivers\PhTVTune.sys
2010-01-12 16:03 . 2009-12-14 15:32 346304 ----a-w- c:\windows\system32\drivers\Cap7134.sys
2010-01-12 15:12 . 2009-04-23 19:12 -------- d-----w- c:\program files\Spyware Terminator
2010-01-11 19:46 . 2009-04-23 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-01-11 19:40 . 2009-04-23 20:40 -------- d-----w- c:\program files\Opera
2010-01-11 19:04 . 2009-10-11 07:36 -------- d-----w- c:\program files\BS_Player
2009-12-24 20:35 . 2009-11-30 16:04 -------- d-----w- c:\program files\Disney Interactive
2009-12-24 12:00 . 2010-01-11 19:38 142576 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1051.dat
2009-12-22 18:11 . 2009-10-16 17:07 -------- d-----w- c:\program files\GP Vs Superbike
2009-12-22 18:11 . 2009-10-14 14:37 -------- d-----w- c:\program files\FoxJones
2009-12-15 17:00 . 2009-04-23 18:30 19080 ----a-w- c:\documents and settings\Martin Cigas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-29 07:10 . 2009-11-28 17:05 -------- d-----w- c:\program files\CDBurnerXP
2009-11-28 17:05 . 2009-11-28 17:05 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Canneverbe_Limited
2009-11-28 17:05 . 2009-11-28 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-11-28 17:00 . 2009-11-28 17:00 -------- d-----w- c:\program files\MSBuild
2009-11-28 17:00 . 2009-11-28 17:00 -------- d-----w- c:\program files\Reference Assemblies
2009-11-28 07:38 . 2009-11-26 17:52 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 07:37 . 2009-04-23 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-11-28 07:37 . 2009-04-23 20:00 -------- d-----w- c:\program files\Nero
2009-11-26 21:26 . 2009-11-26 18:09 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Nero
2009-11-26 21:26 . 2009-11-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-11-24 23:54 . 2009-08-30 11:50 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-08-30 11:50 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-08-30 11:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-08-30 11:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-08-30 11:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-08-30 11:50 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-08-30 11:50 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-08-30 11:50 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-08-30 11:50 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 18:14 . 2009-06-19 10:50 47360 ----a-w- c:\documents and settings\Martin Cigas\Application Data\pcouffin.sys
2009-11-17 18:14 . 2009-06-19 10:50 47360 ----a-w- c:\documents and settings\Martin Cigas\Application Data\pcouffin.sys
2009-11-04 14:41 . 2009-11-04 14:41 152576 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 05:38 . 2006-02-28 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-02-28 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 07:34 . 2006-02-28 12:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-06-20 19:47 . 2009-06-20 19:47 48 --sha-w- c:\windows\S5E9D9D73.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-12 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-23 1817600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SMSERIAL"="sm56hlpr.exe" [2003-10-07 548864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickTV.lnk - c:\program files\AVerTV\QuickTV.exe [2005-2-16 401408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30.8.2009 12:50 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23.4.2009 20:12 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.8.2009 12:50 20560]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [14.12.2009 16:32 54304]
S2 gupdate1c9dfcc5ef5a890;Služba Google Update (gupdate1c9dfcc5ef5a890);c:\program files\Google\Update\GoogleUpdate.exe [28.5.2009 20:41 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [27.9.2009 12:28 13224]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 19:41]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 19:41]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - component: c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 22:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1392)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-14 22:36:56
ComboFix-quarantined-files.txt 2010-01-14 21:36
ComboFix2.txt 2010-01-14 20:25

Pre-Run: 11 868 594 176 bytes free
Post-Run: 11 857 776 640 bytes free

- - End Of File - - B04A21C77ED3D2688ED59F047CFF111D

Rudy
Site Admin
Posts: 119359
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: ctfmon.exe

#6 Post by Rudy »

Run CF once more and name the script exactly like this: CFScript.txt.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

martin1973
Visitor
Posts: 194
Registered: 13 Jan 2010 23:10

Re: ctfmon.exe

#7 Post by martin1973 »

ComboFix 10-01-14.02 - Martin Cigas 14.01.2010 23:01:43.3.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.767.234 [GMT 1:00]
Running from: c:\documents and settings\Martin Cigas\My Documents\Preberanie\ComboFix.exe
Command switches used :: c:\documents and settings\Martin Cigas\Desktop\CFScript.txt..txt
AV: avast! antivirus 4.8.1368 [VPS 100114-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\windows\S5E9D9D73.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\S5E9D9D73.tmp

.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 17:14 . 2010-01-14 17:14 -------- d-----w- c:\program files\sunmedia
2010-01-14 14:30 . 2010-01-14 14:30 -------- d-----w- C:\MFT 63602
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Malwarebytes
2010-01-13 21:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-13 21:14 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 15:10 . 2008-05-29 08:28 28416 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-13 15:10 . 2010-01-13 15:10 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-13 15:10 . 2010-01-13 15:10 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\TuneUp Software
2010-01-13 15:10 . 2010-01-13 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-01-13 15:09 . 2010-01-13 15:10 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-01-13 15:08 . 2010-01-14 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-13 11:56 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 16:05 . 2010-01-12 16:05 -------- d-----w- c:\program files\Common Files\TV
2010-01-12 16:05 . 2010-01-14 20:21 -------- d-----w- c:\program files\AVerTV
2010-01-11 19:40 . 2010-01-11 19:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-10 19:46 . 2010-01-10 19:46 -------- d-----w- c:\program files\Ubi Soft
2010-01-10 07:22 . 2010-01-10 07:22 -------- d-----w- C:\rsit
2009-12-28 10:46 . 2009-12-28 10:46 -------- d-----w- c:\program files\iTeddy File Converter
2009-12-27 16:01 . 2009-12-27 16:01 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Media Player Classic
2009-12-26 21:05 . 2009-12-23 16:56 52224 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
2009-12-26 21:05 . 2009-12-23 16:56 101376 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
2009-12-25 17:30 . 2009-12-25 17:29 36 ----a-w- C:\mediamp3.dat
2009-12-25 09:36 . 2009-12-25 09:36 -------- d-sh--w- c:\windows\ftpcache
2009-12-25 09:36 . 2009-12-25 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Compedia
2009-12-25 09:06 . 2009-12-25 09:06 160695 ----a-w- c:\windows\Star Assault Uninstaller.exe
2009-12-25 09:05 . 2009-12-25 09:06 -------- d-----w- c:\program files\Star Assault
2009-12-24 20:37 . 2009-12-24 21:44 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\DisneyMagicEnglish
2009-12-24 20:36 . 2010-01-05 15:23 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-12-18 21:08 . 2009-12-18 21:08 -------- d-----w- c:\program files\Buena Vista Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 22:06 . 2009-04-23 19:14 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Skype
2010-01-14 21:38 . 2009-04-23 19:12 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Spyware Terminator
2010-01-14 20:07 . 2009-04-23 19:16 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\skypePM
2010-01-13 15:09 . 2009-06-07 20:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-13 00:48 . 2009-06-19 10:50 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Vso
2010-01-12 16:05 . 2009-04-23 18:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-12 16:03 . 2009-12-14 15:32 110592 ----a-w- c:\windows\system32\Prop7134.dll
2010-01-12 16:03 . 2009-12-14 15:32 54304 ----a-w- c:\windows\system32\drivers\PhTVTune.sys
2010-01-12 16:03 . 2009-12-14 15:32 346304 ----a-w- c:\windows\system32\drivers\Cap7134.sys
2010-01-12 15:12 . 2009-04-23 19:12 -------- d-----w- c:\program files\Spyware Terminator
2010-01-11 19:46 . 2009-04-23 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-01-11 19:40 . 2009-04-23 20:40 -------- d-----w- c:\program files\Opera
2010-01-11 19:04 . 2009-10-11 07:36 -------- d-----w- c:\program files\BS_Player
2009-12-24 20:35 . 2009-11-30 16:04 -------- d-----w- c:\program files\Disney Interactive
2009-12-24 12:00 . 2010-01-11 19:38 142576 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1051.dat
2009-12-22 18:11 . 2009-10-16 17:07 -------- d-----w- c:\program files\GP Vs Superbike
2009-12-22 18:11 . 2009-10-14 14:37 -------- d-----w- c:\program files\FoxJones
2009-12-15 17:00 . 2009-04-23 18:30 19080 ----a-w- c:\documents and settings\Martin Cigas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-29 07:10 . 2009-11-28 17:05 -------- d-----w- c:\program files\CDBurnerXP
2009-11-28 17:05 . 2009-11-28 17:05 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Canneverbe_Limited
2009-11-28 17:05 . 2009-11-28 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-11-28 17:00 . 2009-11-28 17:00 -------- d-----w- c:\program files\MSBuild
2009-11-28 17:00 . 2009-11-28 17:00 -------- d-----w- c:\program files\Reference Assemblies
2009-11-28 07:38 . 2009-11-26 17:52 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 07:37 . 2009-04-23 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-11-28 07:37 . 2009-04-23 20:00 -------- d-----w- c:\program files\Nero
2009-11-26 21:26 . 2009-11-26 18:09 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Nero
2009-11-26 21:26 . 2009-11-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-11-24 23:54 . 2009-08-30 11:50 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-08-30 11:50 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-08-30 11:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-08-30 11:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-08-30 11:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-08-30 11:50 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-08-30 11:50 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-08-30 11:50 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-08-30 11:50 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 18:14 . 2009-06-19 10:50 47360 ----a-w- c:\documents and settings\Martin Cigas\Application Data\pcouffin.sys
2009-11-17 18:14 . 2009-06-19 10:50 47360 ----a-w- c:\documents and settings\Martin Cigas\Application Data\pcouffin.sys
2009-11-04 14:41 . 2009-11-04 14:41 152576 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 05:38 . 2006-02-28 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-02-28 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 07:34 . 2006-02-28 12:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-12 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-23 1817600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SMSERIAL"="sm56hlpr.exe" [2003-10-07 548864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickTV.lnk - c:\program files\AVerTV\QuickTV.exe [2005-2-16 401408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30.8.2009 12:50 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23.4.2009 20:12 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.8.2009 12:50 20560]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [14.12.2009 16:32 54304]
S2 gupdate1c9dfcc5ef5a890;Služba Google Update (gupdate1c9dfcc5ef5a890);c:\program files\Google\Update\GoogleUpdate.exe [28.5.2009 20:41 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [27.9.2009 12:28 13224]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 19:41]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 19:41]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - component: c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\9d1ekvw2.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 23:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-01-14 23:07:35
ComboFix-quarantined-files.txt 2010-01-14 22:07
ComboFix2.txt 2010-01-14 20:25

Pre-Run: 11 868 557 312 bytes free
Post-Run: 11 857 698 816 bytes free

- - End Of File - - 723716A5943B2E517169D3536C636CDC
Upload was successful

Rudy
Site Admin
Posts: 119359
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: ctfmon.exe

#8 Post by Rudy »

The log looks clean now.

martin1973
Visitor
Posts: 194
Registered: 13 Jan 2010 23:10

Re: ctfmon.exe

#9 Post by martin1973 »

OK, thanks

Rudy
Site Admin
Posts: 119359
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: ctfmon.exe

#10 Post by Rudy »

You're welcome!
