"Recycled\ctfmon.exe" message


(system) #1

Hello!!!

My problem is that I cannot open drives by double-clicking; a "Recycled\ctfmon.exe" message pops up.

I would really appreciate some help, as easy to follow as possible. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:37:12, on 2008-10-04

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AVACS\PC-TV FM\RemoteCtl.exe

C:\Program Files\Opera\Opera.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.onet.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [spik] C:\Program Files\Spik\Spik.exe -autostart

O4 - HKLM\..\Run: [NSRKey] C:\PROGRA~1\NORTON~2\NSR\Agent\NSRTray.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: PC-TV FM Remote Control.lnk = C:\Program Files\AVACS\PC-TV FM\RemoteCtl.exe

O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=www.onet.pl

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 5457 bytes


(Leon$) #2

The log is clean.

Download ComboFix http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=36654, scan the system and post the log.

:)


(system) #3

ComboFix 08-10-04.01 - A&A 2008-10-04 18:27:55.1 - FAT32 x86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.299 [GMT 2:00]

Uruchomiony z: C:\Documents and Settings\A&A\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA!!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\msssc.dll

D:\Autorun.inf

E:\Autorun.inf

F:\Autorun.inf

.

((((((((((((((((((((((((( Pliki utworzone od 2008-09-04 do 2008-10-04 )))))))))))))))))))))))))))))))

.

2008-09-29 20:15 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-09-29 20:15 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-09-29 20:15 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys

2008-09-29 20:15 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-09-28 14:12 . 2008-09-28 14:12

2008-09-26 20:51 . 2008-09-26 20:51

2008-09-26 20:51 . 2008-09-26 20:51

2008-09-26 20:47 . 2008-09-26 20:47

2008-09-26 20:47 . 2008-09-26 20:47

2008-09-26 20:47 . 2008-09-26 20:47

2008-09-26 20:47 . 2008-09-26 20:47

2008-09-26 20:47 . 2008-09-26 20:47

2008-09-26 20:47 . 2008-09-26 20:47

2008-09-26 20:47 . 2008-09-26 20:47

2008-09-26 20:47 . 2008-09-26 20:47

2008-09-26 20:47 . 2008-09-26 20:47

2008-09-26 20:47 . 2006-10-10 08:54 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2008-09-26 20:47 . 2006-10-10 08:54 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-09-26 20:47 . 2006-10-10 08:54 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2008-09-26 20:47 . 2006-10-10 08:54 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2008-09-26 20:47 . 2006-10-10 08:54 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2008-09-26 20:47 . 2006-10-10 08:54 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll

2008-09-24 19:27 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-29 13:26 --------- d-----w C:\Program Files\Common Files\Ahead

2008-08-29 13:26 --------- d-----w C:\Program Files\Ahead

2008-08-28 14:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-08-28 14:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec

2008-08-28 14:31 --------- d-----w C:\Documents and Settings\AA\Dane aplikacji\Symantec

2008-08-27 17:20 --------- d-----w C:\Program Files\XviD

2008-08-27 17:14 --------- d-----w C:\Program Files\Tsunami-Filter-Pack

2008-08-27 17:00 --------- d-----w C:\Documents and Settings\AA\Dane aplikacji\AdobeUM

2008-08-27 16:50 --------- d-----w C:\Program Files\AVACS

2008-08-27 16:47 --------- d-----w C:\Program Files\SubEdit-Player

2008-08-27 16:41 --------- d-----w C:\Program Files\DC++

2008-08-27 16:32 --------- d-----w C:\Program Files\Spik

2008-08-27 16:32 --------- d-----w C:\Documents and Settings\AA\Dane aplikacji\Spik

2008-08-27 16:14 --------- d-----w C:\Program Files\Opera

2008-08-27 16:12 --------- d-----w C:\Program Files\Winamp

2008-08-27 16:12 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-27 16:10 --------- d-----w C:\Program Files\Gadu-Gadu

2008-08-27 16:09 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer

2008-08-27 16:08 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-08-27 16:08 --------- d-----w C:\Program Files\DAEMON Tools

2008-08-27 16:03 --------- d-----w C:\Program Files\Microsoft Hardware

2008-08-27 16:01 --------- d-----w C:\Program Files\Analog Devices

2008-08-27 15:58 --------- d-----w C:\Program Files\ATI Technologies

2008-08-27 15:57 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-27 15:56 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-08-27 15:49 --------- d-----w C:\Program Files\microsoft frontpage

2008-08-27 15:47 --------- d-----w C:\Program Files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 165784]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2003-09-30 729088]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]

"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 98304]

"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 35328]

"Spik"="C:\Program Files\Spik\Spik.exe" [2008-08-20 103912]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

PC-TV FM Remote Control.lnk - C:\Program Files\AVACS\PC-TV FM\RemoteCtl.exe [2008-08-27 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSVideo"= C:\WINDOWS\878Map.drv

"VIDC.DIV4"= divxc32f.dll

"VIDC.DIV3"= divxc32.dll

"MSACM.DIVXA32"= divxa32.acm

"MSACM.L3ACM"= l3codecp.acm

"VIDC.HFYU"= huffyuv.dll

"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Spik\Spik.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Program Files\DC++\DCPlusPlus.exe"=

"F:\Gry\cs\Counter-Strike 1.6\hl.exe"=

R2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2001-11-06 265512]

R2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-03-07 18944]

R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [1999-07-21 13308]

*Newly Created Service* - PROCEXP90

.

- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-NSRKey - C:\PROGRA~1\NORTON~2\NSR\Agent\NSRTray.exe

HKLM-Run-POINTER - point32.exe

.

------- Skan uzupełniający -------

.

R0 -: HKCU-Main,Start Page = www.onet.pl

O8 -: Eksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O18 -: Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-04 18:29:00

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2008-10-04 18:29:41

ComboFix-quarantined-files.txt 2008-10-04 16:29:40

Przed: 5 801 172 992 bajtów wolnych

Po: 5,906,915,328 bajtów wolnych

148


(Kambor4) #4

Clean.

Scan with this: Dr.WEB CureIt!

============================

K.