Hello,
In startup I have the file: C:\Users\morff\AppData\Roaming\{AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA}\cftmon.exe
program "cftmon645"
It cannot be removed from startup, and I cannot find the path where it is stored, even though I have showing hidden folders turned on.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:02, on 9.1.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Google Plus - {01677B4B-0610-4814-94A0-5F570DD7A88F} - C:\PROGRA~1\GOOGLE~1\17GOOG~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Super-Search - search like an expert - {B88F0A3B-663C-4342-A7CE-2D6F81032897} - C:\PROGRA~1\EASYSE~1\BHO\1SUPER~1.DLL
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [cftmon645] "C:\ProgramData\WordPad\{99999999-9999-9999-9999-999999999999}\cftmon.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [cftmon645] "C:\Users\morff\AppData\Roaming\{AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA}\cftmon.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5532 bytes
cftmon645
Re: cftmon645
Nobody anywhere?
- Polkiking
Re: cftmon645
Safe mode and try to delete it ... unless it is a system file, that is ... get ComboFix and give the topic a proper title about HijackThis cleaning ..

Re: cftmon645
Do not go looking for any ComboFix anywhere, and above all do not run it yourself (!) - you posted the HJT log correctly, so wait until someone takes it up > most of us are older people by now and it is Saturday - a time of plenty
But: ...cftmon.exe: this is a component of Microsoft Office - voice input http://www.processlibrary.com/directory/files/cftmon
Last edited by peacoq on 09 Jan 2010 21:58, edited 1 time in total.
- Polkiking
Re: cftmon645
Get it, not run it, just to have it in reserve ... yes, it is Saturday, party time .. and that file looked like a system file to me, but I was not sure ...

Re: cftmon645
I know what cftmon.exe is, but I am puzzled by its different name and by the fact that it cannot be removed from startup in the usual way.
I would have no trouble removing it either, but first I would like to verify whether it is a virus or not.
Re: cftmon645
If you know... then you also know that it cannot be ''simply removed'';
Unlike the alternative user input features, Ctfmon.exe is a system component that cannot be uninstalled.
Removing Ctfmon.exe may cause problematic behavior in Office XP applications, so removing it is not recommended. To prevent Ctfmon.exe from starting, follow these steps: http://support.microsoft.com/kb/282599/cs
Re: cftmon645
Hi, this is junk... a normal ctfmon.exe should not be launching from %APPDATA%...
Download DDS. Save it to the desktop, close all running programs and run it. When the scan finishes, the results open in 2 windows - DDS.txt and Attach.txt. I would like to see the contents of both.
I do not like amateurism...
And the addressee of this message knows it :)
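The check made in the reply above (a genuine ctfmon.exe does not start from %APPDATA%) can be applied mechanically to the O4 autorun lines of a HijackThis log. The following is an added example, not part of the thread or of HijackThis/DDS: it flags Run entries that start from a data directory, sit in a folder named like a GUID of one repeated digit, or carry a file name one edit or swap away from a Windows binary. The sample lines are copied from the log in the first post; the `SYSTEM_NAMES` list, the reason labels and the function names are assumptions.

```python
import ntpath
import re

# HijackThis autorun line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable path at the start of the command, quoted or not, up to the extension.
IMAGE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|scr|com|bat|cmd|pif))', re.I)
# Data directories (a heuristic: legitimate per-user installers use them too).
DATA_DIR_RE = re.compile(r"\\(?:appdata|programdata|temp)\\|%(?:appdata|localappdata|temp)%", re.I)
# Folder named like a GUID but built from one repeated hex digit.
FAKE_GUID_RE = re.compile(r"\{([0-9a-f])\1{7}(?:-\1{4}){3}-\1{12}\}", re.I)
# Assumption: a short illustrative list of Windows binaries, not an exhaustive one.
SYSTEM_NAMES = ("csrss.exe", "ctfmon.exe", "explorer.exe", "lsass.exe",
                "services.exe", "svchost.exe", "winlogon.exe")
WINDOWS_PREFIXES = ("c:\\windows\\", "%systemroot%\\", "%windir%\\")


def osa_distance(a, b):
    """Edit distance that counts an adjacent swap (ctf -> cft) as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def triage(lines):
    """Return the O4 entries that trip at least one heuristic, with the reasons."""
    findings = []
    for line in lines:
        entry = O4_RE.match(line.strip())
        if not entry:
            continue  # not an autorun line
        image = IMAGE_RE.match(entry["cmd"])
        if not image:
            continue  # command does not start with an executable path
        path = image["path"].lower()
        exe = ntpath.basename(path)
        reasons = []
        if DATA_DIR_RE.search(path):
            reasons.append("data-dir")
        if FAKE_GUID_RE.search(path):
            reasons.append("fake-guid-folder")
        if exe in SYSTEM_NAMES:
            # Real name, but not under the Windows directory.
            if not path.startswith(WINDOWS_PREFIXES):
                reasons.append("system-name-wrong-dir")
        else:
            # Near-miss spelling of a Windows binary.
            for known in SYSTEM_NAMES:
                if osa_distance(exe, known) == 1:
                    reasons.append("lookalike:" + known)
        if reasons:
            findings.append({"hive": entry["hive"], "name": entry["name"],
                             "path": path, "reasons": reasons})
    return findings


# O4 lines copied from the HijackThis log in the first post.
SAMPLE_O4 = [
    r'O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s',
    r'O4 - HKLM\..\Run: [cftmon645] "C:\ProgramData\WordPad\{99999999-9999-9999-9999-999999999999}\cftmon.exe"',
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice',
    r'O4 - HKCU\..\Run: [cftmon645] "C:\Users\morff\AppData\Roaming\{AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA}\cftmon.exe"',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')",
    r"O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_O4):
        print(finding["hive"], finding["name"], finding["path"], finding["reasons"])
```

A single "data-dir" hit on its own is weak evidence; entries that combine it with a lookalike name or a repeated-digit GUID folder are the ones to examine first.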
Re: cftmon645
DDS (Ver_09-12-01.01) - NTFSx86
Run by morff at 18:58:00,93 on po 11.01.2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.1023.342 [GMT 1:00]
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\morff\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.seznam.cz/
uURLSearchHooks: H - No File
BHO: Google Plus: {01677b4b-0610-4814-94a0-5f570dd7a88f} - c:\progra~1\google~1\17GOOG~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Pomocná služba pro přihlášení ke službě Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Super-Search - search like an expert: {b88f0a3b-663c-4342-a7ce-2d6f81032897} - c:\progra~1\easyse~1\bho\1SUPER~1.DLL
BHO: Ukazatel S-Rank: {ea837f48-5ad1-443e-ae34-ffe03cbf3099} - c:\program files\seznam.cz\core.2.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Seznam Postak] "c:\program files\seznam.cz\postak.exe" -s
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
uRun: [cftmon645] "c:\users\morff\appdata\roaming\{aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa}\cftmon.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [cftmon645] "c:\programdata\wordpad\{99999999-9999-9999-9999-999999999999}\cftmon.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-12-22 142592]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-29 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-29 95896]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2009-12-3 5504]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-11 54632]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2009-10-9 3328]
=============== Created Last 30 ================
2010-01-11 11:19:33 0 d-----w- c:\program files\DVR-Studio HD
2010-01-10 18:54:55 0 d-----w- c:\users\morff\appdata\roaming\Haenlein-Software
2010-01-10 18:54:55 0 d-----w- c:\program files\DVR-Compress
2010-01-10 18:54:40 0 d-----w- c:\program files\DVR-Studio Pro 2
2010-01-09 09:44:52 0 d-----w- c:\program files\Trend Micro
2010-01-01 01:21:43 0 d-----w- c:\users\morff\appdata\roaming\{22222222-2222-2222-2222-222222222222}
2009-12-29 06:48:26 639 ----a-w- c:\windows\MOO Design spořič obrazovky.c4
2009-12-29 06:48:26 627 ----a-w- c:\windows\MOO Design spořič obrazovky.c3
2009-12-29 06:48:26 627 ----a-w- c:\windows\MOO Design spořič obrazovky.c1
2009-12-29 06:48:26 495104 ----a-w- c:\windows\MOO Design spořič obrazovky.exe
2009-12-29 06:48:26 480054 ----a-w- c:\windows\MOO Design spořič obrazovky.bmp
2009-12-29 06:48:26 4286 ----a-w- c:\windows\MOO Design spořič obrazovky.ico
2009-12-29 06:48:26 224633 ----a-w- c:\windows\MOO Design spořič obrazovky.swf
2009-12-29 06:48:26 0 ----a-w- c:\windows\MOO Design spořič obrazovky.ini
2009-12-29 06:48:25 903680 ----a-w- c:\windows\MOO Design spořič obrazovky.scr
2009-12-29 06:48:25 0 d-----w- c:\windows\MOO Design spořič obrazovky Uninstaller
2009-12-22 11:29:40 0 d-----w- c:\users\morff\appdata\roaming\{55555555-5555-5555-5555-555555555555}
2009-12-21 23:37:47 0 d-----w- c:\windows\system32\Nexus Radio
2009-12-21 23:37:47 0 d-----w- c:\program files\Nexus Radio
2009-12-21 23:37:47 0 d-----w- C:\My Saved Files
2009-12-21 23:37:47 0 d-----w- C:\My Recorded Files
2009-12-21 23:29:24 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-21 23:29:23 0 d-----w- c:\users\morff\appdata\roaming\Spyware Terminator
2009-12-21 23:29:19 0 d-----w- c:\programdata\Spyware Terminator
2009-12-21 23:29:16 0 d-----w- c:\program files\Spyware Terminator
2009-12-21 16:07:31 291 ----a-w- c:\windows\PowerReg.dat
2009-12-21 16:07:24 0 d-----w- c:\windows\Corel
2009-12-21 16:07:24 0 d-----w- c:\program files\KnockOut 2
2009-12-21 16:01:34 306688 ----a-w- c:\windows\IsUninst.exe
2009-12-21 15:23:13 0 d-----w- c:\programdata\boost_interprocess
2009-12-21 15:17:02 0 d-----w- c:\program files\Topaz Labs
2009-12-21 15:17:02 0 d-----w- c:\program files\common files\Topaz Labs
2009-12-20 07:26:37 0 d-----w- c:\users\morff\appdata\roaming\{BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBBBBBB}
2009-12-18 09:16:09 0 d-----w- c:\programdata\ICQ
2009-12-18 09:15:14 0 d-----w- c:\program files\ICQ6.5
2009-12-17 12:30:41 0 d-----w- c:\users\morff\appdata\roaming\{AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA}
2009-12-16 18:08:12 0 d-----w- c:\users\morff\appdata\roaming\{33333333-3333-3333-3333-333333333333}
2009-12-15 11:29:42 0 d-----w- c:\program files\common files\Macrovision Shared
2009-12-15 11:08:10 0 d-----w- c:\program files\GooglePlusVideos
2009-12-15 11:06:31 0 d-----w- c:\users\morff\appdata\roaming\Babylon
2009-12-15 11:06:31 0 d-----w- c:\programdata\Babylon
2009-12-15 11:06:27 0 d-----w- c:\program files\EasySearch
2009-12-14 13:55:33 0 d-----w- c:\program files\ScenicReflections
2009-12-14 07:49:27 0 d-----w- c:\program files\CrossLoop
2009-12-13 09:05:03 0 d-----w- c:\users\morff\appdata\roaming\BSplayer Pro
2009-12-13 09:05:03 0 d-----w- c:\users\morff\appdata\roaming\BSplayer
2009-12-13 09:04:55 0 d-----w- c:\program files\Webteh
2009-12-12 23:42:55 0 d-----w- c:\program files\Dream Aquarium
2009-12-12 19:44:55 0 d-----w- c:\program files\PCNetSoftware
2009-12-12 19:16:14 0 d-----w- c:\program files\QS
2009-12-12 19:15:41 0 d-----w- c:\users\morff\appdata\roaming\TeamViewer
2009-12-12 19:03:27 0 d-----w- c:\users\morff\temp
==================== Find3M ====================
2010-01-04 14:11:36 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-01-04 14:11:36 118604 ----a-w- c:\windows\system32\perfc005.dat
2009-12-06 20:16:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-06 19:35:30 87608 ----a-w- c:\users\morff\appdata\roaming\inst.exe
2009-12-06 19:35:30 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-06 19:35:30 47360 ----a-w- c:\users\morff\appdata\roaming\pcouffin.sys
2009-12-03 20:18:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-12-03 10:09:20 5504 ----a-w- c:\windows\system32\drivers\IntelDH.sys
2009-12-03 09:39:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-20 19:33:00 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 19:33:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2009-11-20 19:33:00 1323624 ----a-w- c:\windows\system32\nvsvcr.dll
2009-11-20 19:33:00 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:33:00 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 19:33:00 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-13 14:16:02 73216 ----a-w- c:\windows\system32\RTEEL32A.dll
2009-11-13 14:16:02 59392 ----a-w- c:\windows\system32\RTEEG32A.dll
2009-11-13 14:16:02 348160 ----a-w- c:\windows\system32\RTEEP32A.dll
2009-11-13 14:16:02 165376 ----a-w- c:\windows\system32\RTEED32A.dll
2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22:37 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-14 08:43:59 36232 ----a-w- c:\windows\inf\perflib\0405\perfd.dat
2009-07-14 08:43:59 36232 ----a-w- c:\windows\inf\perflib\0405\perfc.dat
2009-07-14 08:43:59 292004 ----a-w- c:\windows\inf\perflib\0405\perfi.dat
2009-07-14 08:43:59 292004 ----a-w- c:\windows\inf\perflib\0405\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 18:58:40,43 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3.12.2009 10:49:36
System Uptime: 1.11.2010 18:40:57 (-7056 hours ago)
Motherboard: | | 4Core1333-Viiv
Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz | CPUSocket | 1994/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 38,18 GiB free.
D: is CDROM ()
E: is CDROM ()
K: is FIXED (FAT32) - 112 GiB total, 34,736 GiB free.
L: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Myš Microsoft pro port PS/2
Device ID: ACPI\PNP0F03\4&280411F0&0
Manufacturer: Microsoft
Name: Myš Microsoft pro port PS/2
PNP Device ID: ACPI\PNP0F03\4&280411F0&0
Service: i8042prt
Class GUID:
Description:
Device ID: ACPI\PNPB006\4&280411F0&0
Manufacturer:
Name:
PNP Device ID: ACPI\PNPB006\4&280411F0&0
Service:
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standardní klávesnice PS/2
Device ID: ACPI\PNP0303\4&280411F0&0
Manufacturer: (Standardní klávesnice)
Name: Standardní klávesnice PS/2
PNP Device ID: ACPI\PNP0303\4&280411F0&0
Service: i8042prt
==== System Restore Points ===================
RP60: 7.1.2010 12:37:36 - Naplánovaný kontrolní bod
RP61: 8.1.2010 16:55:01 - Windows Update
RP63: 9.1.2010 10:08:31 - Spyware Terminator - restore point
RP65: 9.1.2010 10:09:51 - Spyware Terminator - restore point
RP66: 11.1.2010 12:19:06 - Installed DVR-Studio HD
==== Installed Programs ======================
Active Desktop Calendar 7.86
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.2 - Czech
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)
BS.Player FREE
CCleaner
Connect
ConvertXtoDVD 3.5.3.139
CrossLoop 2.60
Dream Aquarium
DVR-Studio HD
DVR-Studio Pro 2
ESET NOD32 Antivirus
HijackThis 2.0.2
ICQ6.5
Junk Mail filter update
KnockOut 2
kuler
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Czech) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Czech) 2007
Microsoft Office Groove MUI (Czech) 2007
Microsoft Office InfoPath MUI (Czech) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (Czech) 2007
Microsoft Office Outlook MUI (Czech) 2007
Microsoft Office PowerPoint MUI (Czech) 2007
Microsoft Office Proof (Czech) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Slovak) 2007
Microsoft Office Proofing (Czech) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Czech) 2007
Microsoft Office Shared MUI (Czech) 2007
Microsoft Office Word MUI (Czech) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
MOO Design spořič obrazovky
MSVCRT
MultiMail 2.7.2
Nexus Radio
Nokia Connectivity Cable Driver
Nástroj pro odesílání služby Windows Live
NVIDIA Display Control Panel
NVIDIA Drivers
PDF Settings CS4
Photoshop Camera Raw
Pomocník pro přihlášení ke službě Windows Live ID
Realtek High Definition Audio Driver
Remote Administrator Control Client 3.5.0
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SendBlaster
Seznam Pošťák 2 (Všichni uživatelé tohoto počítače.)
Spyware Terminator
Suite Shared Configuration CS4
Topaz ReMask 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb976884)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Movie Maker
Windows Live Sync
Windows Live Zabezpečení rodiny
WinRAR
==== End Of File ===========================
2009-12-16 18:08:12 0 d-----w- c:\users\morff\appdata\roaming\{33333333-3333-3333-3333-333333333333}
2009-12-15 11:29:42 0 d-----w- c:\program files\common files\Macrovision Shared
2009-12-15 11:08:10 0 d-----w- c:\program files\GooglePlusVideos
2009-12-15 11:06:31 0 d-----w- c:\users\morff\appdata\roaming\Babylon
2009-12-15 11:06:31 0 d-----w- c:\programdata\Babylon
2009-12-15 11:06:27 0 d-----w- c:\program files\EasySearch
2009-12-14 13:55:33 0 d-----w- c:\program files\ScenicReflections
2009-12-14 07:49:27 0 d-----w- c:\program files\CrossLoop
2009-12-13 09:05:03 0 d-----w- c:\users\morff\appdata\roaming\BSplayer Pro
2009-12-13 09:05:03 0 d-----w- c:\users\morff\appdata\roaming\BSplayer
2009-12-13 09:04:55 0 d-----w- c:\program files\Webteh
2009-12-12 23:42:55 0 d-----w- c:\program files\Dream Aquarium
2009-12-12 19:44:55 0 d-----w- c:\program files\PCNetSoftware
2009-12-12 19:16:14 0 d-----w- c:\program files\QS
2009-12-12 19:15:41 0 d-----w- c:\users\morff\appdata\roaming\TeamViewer
2009-12-12 19:03:27 0 d-----w- c:\users\morff\temp
==================== Find3M ====================
2010-01-04 14:11:36 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-01-04 14:11:36 118604 ----a-w- c:\windows\system32\perfc005.dat
2009-12-06 20:16:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-06 19:35:30 87608 ----a-w- c:\users\morff\appdata\roaming\inst.exe
2009-12-06 19:35:30 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-06 19:35:30 47360 ----a-w- c:\users\morff\appdata\roaming\pcouffin.sys
2009-12-03 20:18:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-12-03 10:09:20 5504 ----a-w- c:\windows\system32\drivers\IntelDH.sys
2009-12-03 09:39:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-20 19:33:00 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 19:33:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2009-11-20 19:33:00 1323624 ----a-w- c:\windows\system32\nvsvcr.dll
2009-11-20 19:33:00 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:33:00 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 19:33:00 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-13 14:16:02 73216 ----a-w- c:\windows\system32\RTEEL32A.dll
2009-11-13 14:16:02 59392 ----a-w- c:\windows\system32\RTEEG32A.dll
2009-11-13 14:16:02 348160 ----a-w- c:\windows\system32\RTEEP32A.dll
2009-11-13 14:16:02 165376 ----a-w- c:\windows\system32\RTEED32A.dll
2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22:37 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-14 08:43:59 36232 ----a-w- c:\windows\inf\perflib\0405\perfd.dat
2009-07-14 08:43:59 36232 ----a-w- c:\windows\inf\perflib\0405\perfc.dat
2009-07-14 08:43:59 292004 ----a-w- c:\windows\inf\perflib\0405\perfi.dat
2009-07-14 08:43:59 292004 ----a-w- c:\windows\inf\perflib\0405\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 18:58:40,43 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3.12.2009 10:49:36
System Uptime: 1.11.2010 18:40:57 (-7056 hours ago)
Motherboard: | | 4Core1333-Viiv
Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz | CPUSocket | 1994/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 38,18 GiB free.
D: is CDROM ()
E: is CDROM ()
K: is FIXED (FAT32) - 112 GiB total, 34,736 GiB free.
L: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Myš Microsoft pro port PS/2
Device ID: ACPI\PNP0F03\4&280411F0&0
Manufacturer: Microsoft
Name: Myš Microsoft pro port PS/2
PNP Device ID: ACPI\PNP0F03\4&280411F0&0
Service: i8042prt
Class GUID:
Description:
Device ID: ACPI\PNPB006\4&280411F0&0
Manufacturer:
Name:
PNP Device ID: ACPI\PNPB006\4&280411F0&0
Service:
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standardní klávesnice PS/2
Device ID: ACPI\PNP0303\4&280411F0&0
Manufacturer: (Standardní klávesnice)
Name: Standardní klávesnice PS/2
PNP Device ID: ACPI\PNP0303\4&280411F0&0
Service: i8042prt
==== System Restore Points ===================
RP60: 7.1.2010 12:37:36 - Naplánovaný kontrolní bod
RP61: 8.1.2010 16:55:01 - Windows Update
RP63: 9.1.2010 10:08:31 - Spyware Terminator - restore point
RP65: 9.1.2010 10:09:51 - Spyware Terminator - restore point
RP66: 11.1.2010 12:19:06 - Installed DVR-Studio HD
==== Installed Programs ======================
Active Desktop Calendar 7.86
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.2 - Czech
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)
BS.Player FREE
CCleaner
Connect
ConvertXtoDVD 3.5.3.139
CrossLoop 2.60
Dream Aquarium
DVR-Studio HD
DVR-Studio Pro 2
ESET NOD32 Antivirus
HijackThis 2.0.2
ICQ6.5
Junk Mail filter update
KnockOut 2
kuler
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Czech) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Czech) 2007
Microsoft Office Groove MUI (Czech) 2007
Microsoft Office InfoPath MUI (Czech) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (Czech) 2007
Microsoft Office Outlook MUI (Czech) 2007
Microsoft Office PowerPoint MUI (Czech) 2007
Microsoft Office Proof (Czech) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Slovak) 2007
Microsoft Office Proofing (Czech) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Czech) 2007
Microsoft Office Shared MUI (Czech) 2007
Microsoft Office Word MUI (Czech) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
MOO Design spořič obrazovky
MSVCRT
MultiMail 2.7.2
Nexus Radio
Nokia Connectivity Cable Driver
Nástroj pro odesílání služby Windows Live
NVIDIA Display Control Panel
NVIDIA Drivers
PDF Settings CS4
Photoshop Camera Raw
Pomocník pro přihlášení ke službě Windows Live ID
Realtek High Definition Audio Driver
Remote Administrator Control Client 3.5.0
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SendBlaster
Seznam Pošťák 2 (Všichni uživatelé tohoto počítače.)
Spyware Terminator
Suite Shared Configuration CS4
Topaz ReMask 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb976884)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Movie Maker
Windows Live Sync
Windows Live Zabezpečení rodiny
WinRAR
==== End Of File ===========================
Re: cftmon645
Nothing yet?
Re: cftmon645
That's how it is, I have to exist too
Download ComboFix - DO NOT RUN IT.
Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall, and open Notepad. Copy this into it:
Code:
KillAll::
DDS::
uURLSearchHooks: H - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [cftmon645] "c:\users\morff\appdata\roaming\{aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa}\cftmon.exe"
mRun: [cftmon645] "c:\programdata\wordpad\{99999999-9999-9999-9999-999999999999}\cftmon.exe"
DirLook::
c:\users\morff\appdata\roaming
c:\programdata\wordpad
FileLook::
c:\windows\MOO Design spořič obrazovky.exe
Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

The program will process the script and produce a new log.
Warning: If Windows does not start after the script is applied, restart the PC, press F8 and choose Last Known Good Configuration.
I don't like amateurism...
And the addressee of the message knows it :)
Re: cftmon645
I have Windows 7... I have no experience with ComboFix on this version of Windows