prosím o kontrolu logu-virus nejde odstranit

[strelec3751]

Dobrý den prosím o kontrolu logu, NOD mi detekoval infiltraci v c:\WINDOWS\system32\cmsetAC.dll.
Při první kontrole napsal : "pravděpodobná varianta infiltrace Win32/BHO trojský kůň"
Při druhé kontrole : "varianta infiltrace Win32/Rootkit.Podnuha trojský kůň".
Uvedený soubor nejde léčit ani smazat. Zkoušel jsem ho odstranit různými programy (Hijackthis,NOD,Killbox,Combofix,RegRun Security Suite),ale bez úspěchu .

Log z Hijackthis:
---------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:43, on 5.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Antivir\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Antivir\a-squared Free\a2service.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ConMet\ConMet.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\TotalCmd UP4\totalcmd.exe
C:\Program Files\antivir\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {18BF432C-DBA1-4596-97C0-53EB14188BBE} - C:\WINDOWS\system32\cmsetAC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ConMet] C:\Program Files\ConMet\ConMet.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\Antivir\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Antivir\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


Log z Combofix:
---------------
ComboFix 08-07-26.1 - Jirka 2008-11-05 14:28:11.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.599 [GMT 1:00]
Running from: C:\Documents and Settings\Jirka\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jirka\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
C:\WINDOWS\system32\cmsetac.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\cmsetac.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-10-05 to 2008-11-05 )))))))))))))))))))))))))))))))
.

2008-11-05 14:22 . 2008-11-05 14:23 2,793,917 --a------ C:\WINDOWS\system32\VDSFNKPXVN
2008-11-05 12:50 . 2004-08-17 15:49 147,968 --a------ C:\WINDOWS\R.COM
2008-11-05 12:50 . 2004-08-17 15:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-11-05 12:50 . 2008-11-05 12:50 26 --a------ C:\WINDOWS\Lic.xxx
2008-11-05 12:21 . 2008-11-05 12:21 43 --a------ C:\WINDOWS\system32\Partizan.RRI
2008-11-05 11:56 . 2008-11-05 11:56 <DIR> d-------- C:\WINDOWS\RestoreSafeDeleted
2008-11-05 11:53 . 2008-11-05 12:07 (2) -rahs-ot- C:\WINDOWS\winstart.bat
2008-11-04 20:57 . 2008-11-04 20:57 82 --a------ C:\WINDOWS\SILCOM_P.INI
2008-11-04 17:53 . 1996-02-14 14:01 92,208 --a------ C:\WINDOWS\system32\WING.DLL
2008-11-04 17:53 . 1996-02-14 14:01 12,800 --a------ C:\WINDOWS\system32\WING32.DLL
2008-11-04 17:49 . 1996-02-14 14:01 188,960 --a------ C:\WINDOWS\system\WINGDE.DLL
2008-11-04 17:49 . 1996-02-14 14:01 92,208 --a------ C:\WINDOWS\system\WING.DLL
2008-11-04 17:49 . 1998-09-02 12:43 81,920 --a------ C:\WINDOWS\system\LZSCMPRS.DLL
2008-11-04 17:49 . 1996-02-14 14:01 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2008-11-04 17:49 . 1996-02-14 14:01 6,736 --a------ C:\WINDOWS\system\WINGDIB.DRV
2008-11-04 17:49 . 1996-02-14 14:01 5,024 --a------ C:\WINDOWS\system\WINGPAL.WND
2008-11-04 17:49 . 1996-02-14 14:01 1,966 --a------ C:\WINDOWS\system\DVA.386
2008-11-04 17:47 . 1997-04-18 11:45 252,928 --a------ C:\WINDOWS\UN160405.EXE
2008-11-04 17:47 . 1996-11-05 16:19 247,648 --a------ C:\WINDOWS\UNINST16.EXE
2008-11-04 17:47 . 1995-07-13 18:43 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2008-11-04 17:47 . 2008-11-04 18:15 230 --a------ C:\WINDOWS\compedia.ini
2008-10-31 21:37 . 2008-10-31 21:37 <DIR> d-------- C:\Program Files\proDAD
2008-10-31 21:37 . 2008-10-31 21:37 <DIR> d-------- C:\Program Files\LooksBuilderSE
2008-10-31 21:37 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-10-31 21:36 . 2008-10-31 23:10 <DIR> d-------- C:\Program Files\Boris FX, Inc
2008-10-31 21:36 . 2003-06-26 10:04 237,568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2008-10-31 21:36 . 2003-07-01 16:49 69,632 --a------ C:\WINDOWS\system32\MtxPreview.dll
2008-10-31 21:36 . 2003-07-01 16:49 49,152 --a------ C:\WINDOWS\system32\MtxParhBFXPreview.dll
2008-10-31 21:36 . 2003-01-20 09:08 49,152 --a------ C:\WINDOWS\system32\CvoAPI.dll
2008-10-31 21:36 . 2003-07-09 10:43 45,056 --a------ C:\WINDOWS\system32\BFXSrcFilter.ax
2008-10-31 21:36 . 2008-10-31 23:18 2,689 --a------ C:\WINDOWS\Graffiti5.2Pin.ini
2008-10-31 21:32 . 2008-10-31 21:32 <DIR> d-------- C:\Program Files\Common Files\Pinnacle
2008-10-31 21:32 . 2005-09-23 23:18 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2008-10-31 21:31 . 2008-10-31 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikac
2008-10-31 21:28 . 2008-10-31 21:35 <DIR> d-------- C:\Program Files\Pinnacle
2008-10-31 21:28 . 2008-10-31 21:28 <DIR> d-------- C:\Program Files\Common Files\Yahoo!
2008-10-31 11:43 . 2008-10-31 11:43 459,857 --a------ C:\bookmarks 31.10.2008.html
2008-10-20 16:06 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-10-20 16:06 . 2004-03-09 16:45 440,352 --a------ C:\WINDOWS\system32\MSHFLXGD.OCX
2008-10-20 16:06 . 2004-03-09 16:45 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-10-20 16:06 . 2004-03-09 16:45 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-10-20 16:06 . 1998-06-26 21:22 205,848 --a------ C:\WINDOWS\system32\threed32.ocx
2008-10-20 16:06 . 2004-03-09 16:45 167,968 --a------ C:\WINDOWS\system32\MSMASK32.OCX
2008-10-20 16:06 . 1999-08-11 14:21 129,024 --a------ C:\WINDOWS\system32\VDGT.ocx
2008-10-20 16:06 . 1998-06-26 21:22 84,000 --a------ C:\WINDOWS\system32\msoutl32.ocx
2008-10-20 16:06 . 1998-06-23 20:57 67,376 --a------ C:\WINDOWS\system32\SYSINFO.OCX
2008-10-20 16:06 . 1998-06-26 21:22 57,880 --a------ C:\WINDOWS\system32\spin32.ocx
2008-10-20 15:56 . 2008-10-20 15:56 459,687 --a------ C:\bookmarks20.10.2008.html
2008-10-19 12:33 . 2008-10-19 12:33 <DIR> d-------- C:\Program Files\Ubi Soft
2008-10-19 12:33 . 2002-12-18 09:23 140,488 -ra------ C:\WINDOWS\system32\comdlg32.ocx
2008-10-19 12:33 . 2002-12-18 09:23 115,016 -ra------ C:\WINDOWS\system32\MSINET.OCX
2008-10-19 12:33 . 2002-12-18 09:23 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL
2008-10-19 12:33 . 2002-12-18 09:23 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll
2008-10-19 12:33 . 2002-12-18 09:23 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll
2008-10-19 12:33 . 2002-12-18 09:23 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca
2008-10-19 12:33 . 2002-12-18 22:20 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe
2008-10-13 21:46 . 2008-10-31 21:32 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-13 21:46 . 2008-10-13 21:46 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-10-13 21:46 . 2008-10-13 21:46 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-10-13 21:46 . 2004-08-17 15:49 93,184 --a------ C:\WINDOWS\system32\cmsetAC.dll
2008-10-05 19:48 . 2008-10-05 19:48 <DIR> d-------- C:\Program Files\IMSI
2008-10-05 11:59 . 2008-10-05 11:59 93 --a------ C:\WINDOWS\ALIK.INI
2008-10-05 11:57 . 2008-11-04 20:56 253,952 --------- C:\WINDOWS\Setup1.exe
2008-10-05 11:57 . 2008-11-04 20:56 73,728 --a------ C:\WINDOWS\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 11:54 --------- d-----w C:\Program Files\Antivir
2008-11-03 19:22 --------- d-----w C:\Program Files\ConMet
2008-10-31 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-31 14:18 59,488 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
2008-10-31 10:36 --------- d-----w C:\Program Files\Mozilla Firefox3
2008-10-13 20:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-05 18:17 --------- d-----w C:\Program Files\ESET
2008-09-22 20:12 --------- d-----w C:\Program Files\WinPcap
2008-09-22 20:05 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-09-21 20:29 --------- d-----w C:\Program Files\Common Files\ParallelGraphics
2008-09-18 17:41 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-15 15:40 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-10 12:56 --------- d-----w C:\Program Files\Logitech
2008-09-10 12:56 --------- d-----w C:\Program Files\Common Files\Logitech
2008-09-08 15:38 --------- d-----w C:\Program Files\CyberLink
2008-09-08 15:37 505,392 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-08 14:38 67,072 ----a-w C:\WINDOWS\system32\realbap1.dll
2008-09-08 09:57 --------- d-----w C:\Program Files\Java
2008-09-08 09:56 --------- d-----w C:\Program Files\Common Files\Java
2008-09-05 16:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-05 16:28 --------- d-----w C:\Program Files\epson
2008-09-05 16:00 --------- d-----w C:\Program Files\MSBuild
2008-09-05 16:00 --------- d-----w C:\Program Files\Microsoft Works
2008-09-05 15:59 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-05 15:57 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-09-05 15:50 674,600 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-09-05 14:50 491,520 ----a-w C:\WINDOWS\WebIE.dll
2008-09-05 14:50 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2008-09-05 14:50 356,352 ----a-w C:\WINDOWS\TrnOutl.dll
2008-09-05 14:50 294,912 ----a-w C:\WINDOWS\TrnWord.dll
2008-09-05 14:50 26,624 ----a-w C:\WINDOWS\OETRN.EXE
2008-09-05 14:50 200,704 ----a-w C:\WINDOWS\TRNOET.DLL
2008-09-05 14:47 516,096 ----a-w C:\WINDOWS\UN32.EXE
2008-09-03 16:06 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-09-03 16:06 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-09-03 15:37 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-09-01 13:50 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-28 17:50 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-08-20 05:38 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:46 2,182,528 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:46 2,059,904 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18BF432C-DBA1-4596-97C0-53EB14188BBE}]
2004-08-17 15:49 93184 --a------ C:\WINDOWS\system32\cmsetAC.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 07:21 1443072]
"ConMet"="C:\Program Files\ConMet\ConMet.exe" [2008-11-03 20:22 3590144]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 10:38 88584]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 08:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2002-07-05 15:37 491008 C:\WINDOWS\mHotkey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 D:\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX6000 Series]
--a------ 2006-02-13 05:00 131072 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBIE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[Reklama]

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\system32\cmsetac.dll
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM
C:\WINDOWS\Lic.xxx
C:\WINDOWS\winstart.bat
C:\WINDOWS\UN160405.EXE
C:\WINDOWS\UN32.EXE


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[strelec3751]

ComboFix 08-11-04.02 - Jirka 2008-11-05 20:00:19.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.665 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirka\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
c:\windows\Lic.xxx
c:\windows\R.COM
c:\windows\system32\cmsetac.dll
c:\windows\system32\T.COM
c:\windows\UN160405.EXE
c:\windows\UN32.EXE
c:\windows\winstart.bat
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Lic.xxx
c:\windows\R.COM
c:\windows\system32\T.COM
c:\windows\UN160405.EXE
c:\windows\UN32.EXE
c:\windows\winstart.bat
c:\windows\system32\cmsetac.dll . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-05 do 2008-11-05 )))))))))))))))))))))))))))))))
.

2008-11-05 18:42 . 2008-11-05 18:42 382 --a------ c:\windows\wininit.ini
2008-11-05 17:53 . 2008-11-05 18:43 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-11-05 17:47 . 2008-11-05 17:47 <DIR> d-------- c:\program files\Enigma Software Group
2008-11-05 16:34 . 2008-11-05 16:34 <DIR> d-a------ c:\windows\zts2.exe
2008-11-05 16:34 . 2008-11-05 16:34 <DIR> d-a------ c:\windows\system32\vcmgcd32.dll
2008-11-05 16:34 . 2008-11-05 16:34 <DIR> d-a------ c:\windows\system32\iifgfgf.dll
2008-11-05 16:34 . 2008-11-05 16:34 <DIR> d-a------ c:\windows\rundll16.exe
2008-11-05 16:34 . 2008-11-05 16:34 <DIR> d-a------ c:\windows\rundl132.dll
2008-11-05 16:34 . 2008-11-05 16:34 <DIR> d-a------ c:\windows\logo1_.exe
2008-11-05 16:28 . 2008-11-05 16:36 250 --a------ c:\windows\gmer.ini
2008-11-05 15:53 . 2008-11-05 15:53 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\Malwarebytes
2008-11-05 15:53 . 2008-11-05 15:53 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-05 15:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 15:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-05 15:44 . 2008-11-05 15:44 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\SUPERAntiSpyware.com
2008-11-05 15:44 . 2008-11-05 15:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2008-11-05 14:22 . 2008-11-05 14:23 2,793,917 --a------ c:\windows\system32\VDSFNKPXVN
2008-11-05 12:21 . 2008-11-05 12:21 43 --a------ c:\windows\system32\Partizan.RRI
2008-11-05 11:56 . 2008-11-05 11:56 <DIR> d-------- c:\windows\RestoreSafeDeleted
2008-11-04 20:57 . 2008-11-04 20:57 82 --a------ c:\windows\SILCOM_P.INI
2008-11-04 17:53 . 1996-02-14 14:01 92,208 --a------ c:\windows\system32\WING.DLL
2008-11-04 17:53 . 1996-02-14 14:01 12,800 --a------ c:\windows\system32\WING32.DLL
2008-11-04 17:49 . 1996-02-14 14:01 188,960 --a------ c:\windows\system\WINGDE.DLL
2008-11-04 17:49 . 1996-02-14 14:01 92,208 --a------ c:\windows\system\WING.DLL
2008-11-04 17:49 . 1998-09-02 12:43 81,920 --a------ c:\windows\system\LZSCMPRS.DLL
2008-11-04 17:49 . 1996-02-14 14:01 12,800 --a------ c:\windows\system\WING32.DLL
2008-11-04 17:49 . 1996-02-14 14:01 6,736 --a------ c:\windows\system\WINGDIB.DRV
2008-11-04 17:49 . 1996-02-14 14:01 5,024 --a------ c:\windows\system\WINGPAL.WND
2008-11-04 17:49 . 1996-02-14 14:01 1,966 --a------ c:\windows\system\DVA.386
2008-11-04 17:47 . 1996-11-05 16:19 247,648 --a------ c:\windows\UNINST16.EXE
2008-11-04 17:47 . 1995-07-13 18:43 26,768 --a------ c:\windows\system\CTL3D.DLL
2008-11-04 17:47 . 2008-11-04 18:15 230 --a------ c:\windows\compedia.ini
2008-10-31 21:41 . 2008-10-31 21:41 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\DivX
2008-10-31 21:37 . 2008-10-31 21:37 <DIR> d-------- c:\program files\proDAD
2008-10-31 21:37 . 2008-11-05 19:37 <DIR> d-------- c:\program files\LooksBuilderSE
2008-10-31 21:37 . 2008-10-31 21:37 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\proDAD
2008-10-31 21:37 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2008-10-31 21:36 . 2008-10-31 23:10 <DIR> d-------- c:\program files\Boris FX, Inc
2008-10-31 21:36 . 2003-06-26 10:04 237,568 -ra------ c:\windows\system32\qtmlClient.dll
2008-10-31 21:36 . 2003-07-01 16:49 69,632 --a------ c:\windows\system32\MtxPreview.dll
2008-10-31 21:36 . 2003-07-01 16:49 49,152 --a------ c:\windows\system32\MtxParhBFXPreview.dll
2008-10-31 21:36 . 2003-01-20 09:08 49,152 --a------ c:\windows\system32\CvoAPI.dll
2008-10-31 21:36 . 2003-07-09 10:43 45,056 --a------ c:\windows\system32\BFXSrcFilter.ax
2008-10-31 21:36 . 2008-10-31 23:18 2,689 --a------ c:\windows\Graffiti5.2Pin.ini
2008-10-31 21:32 . 2008-10-31 21:32 <DIR> d-------- c:\program files\Common Files\Pinnacle
2008-10-31 21:32 . 2005-09-23 23:18 171,520 --a------ c:\windows\system32\drivers\MarvinBus.sys
2008-10-31 21:31 . 2008-10-31 22:05 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Pinnacle Studio Ultimate
2008-10-31 21:31 . 2008-10-31 22:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikac
2008-10-31 21:28 . 2008-10-31 21:35 <DIR> d-------- c:\program files\Pinnacle
2008-10-31 21:28 . 2008-10-31 21:28 <DIR> d-------- c:\program files\Common Files\Yahoo!
2008-10-31 21:28 . 2008-10-31 21:28 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Studio 12
2008-10-31 21:28 . 2008-10-31 21:28 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Pinnacle Studio Plus
2008-10-31 21:22 . 2008-10-31 23:23 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Pinnacle
2008-10-31 20:48 . 2008-10-31 20:49 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\Media Player Classic
2008-10-31 11:43 . 2008-10-31 11:43 459,857 --a------ C:\bookmarks 31.10.2008.html
2008-10-20 16:06 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2008-10-20 16:06 . 2004-03-09 16:45 440,352 --a------ c:\windows\system32\MSHFLXGD.OCX
2008-10-20 16:06 . 2004-03-09 16:45 224,016 --a------ c:\windows\system32\TABCTL32.OCX
2008-10-20 16:06 . 2004-03-09 16:45 212,240 --a------ c:\windows\system32\RICHTX32.OCX
2008-10-20 16:06 . 1998-06-26 21:22 205,848 --a------ c:\windows\system32\threed32.ocx
2008-10-20 16:06 . 2004-03-09 16:45 167,968 --a------ c:\windows\system32\MSMASK32.OCX
2008-10-20 16:06 . 1999-08-11 14:21 129,024 --a------ c:\windows\system32\VDGT.ocx
2008-10-20 16:06 . 1998-06-26 21:22 84,000 --a------ c:\windows\system32\msoutl32.ocx
2008-10-20 16:06 . 1998-06-23 20:57 67,376 --a------ c:\windows\system32\SYSINFO.OCX
2008-10-20 16:06 . 1998-06-26 21:22 57,880 --a------ c:\windows\system32\spin32.ocx
2008-10-20 15:56 . 2008-10-20 15:56 459,687 --a------ C:\bookmarks20.10.2008.html
2008-10-19 12:33 . 2008-10-19 12:33 <DIR> d-------- c:\program files\Ubi Soft
2008-10-19 12:33 . 2002-12-18 09:23 140,488 -ra------ c:\windows\system32\comdlg32.ocx
2008-10-19 12:33 . 2002-12-18 09:23 115,016 -ra------ c:\windows\system32\MSINET.OCX
2008-10-19 12:33 . 2002-12-18 09:23 89,360 -ra------ c:\windows\system32\VB5DB.DLL
2008-10-19 12:33 . 2002-12-18 09:23 69,632 -ra------ c:\windows\system32\xmltok.dll
2008-10-19 12:33 . 2002-12-18 09:23 36,864 -ra------ c:\windows\system32\xmlparse.dll
2008-10-19 12:33 . 2002-12-18 09:23 35,840 -ra------ c:\windows\system32\comdlg32.oca
2008-10-19 12:33 . 2002-12-18 22:20 26,096 -ra------ c:\windows\system32\xmlinst.exe
2008-10-13 21:46 . 2008-10-31 21:32 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-10-13 21:46 . 2008-10-13 21:46 <DIR> d-------- c:\windows\system32\AGEIA
2008-10-13 21:46 . 2008-10-13 21:46 <DIR> d-------- c:\program files\AGEIA Technologies
2008-10-13 21:46 . 2004-08-17 15:49 93,184 --a------ c:\windows\system32\cmsetAC.dll
2008-10-05 19:48 . 2008-10-05 19:48 <DIR> d-------- c:\program files\IMSI
2008-10-05 11:59 . 2008-10-05 11:59 93 --a------ c:\windows\ALIK.INI
2008-10-05 11:57 . 2008-11-04 20:56 253,952 --------- c:\windows\Setup1.exe
2008-10-05 11:57 . 2008-11-04 20:56 73,728 --a------ c:\windows\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 19:03 --------- d-----w c:\documents and settings\Jirka\Data aplikací\ConMet
2008-11-05 19:03 --------- d-----w c:\documents and settings\All Users\Data aplikací\ConMet
2008-11-05 17:21 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-11-05 16:53 --------- d-----w c:\program files\Antivir
2008-11-05 14:43 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-03 19:22 --------- d-----w c:\program files\ConMet
2008-10-31 21:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2008-10-31 20:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 14:18 59,488 ----a-w c:\windows\system32\GenSvcInst.exe
2008-10-31 10:36 --------- d-----w c:\program files\Mozilla Firefox3
2008-10-05 18:17 --------- d-----w c:\program files\ESET
2008-10-04 16:10 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Leadertech
2008-09-29 12:47 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Ubisoft
2008-09-29 12:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ubisoft
2008-09-26 12:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Hyperballoid2
2008-09-26 12:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Alawar Stargaze
2008-09-22 20:15 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Wireshark
2008-09-22 20:12 --------- d-----w c:\program files\WinPcap
2008-09-22 20:05 --------- d-----w c:\program files\Common Files\AVSMedia
2008-09-22 20:02 --------- d-----w c:\documents and settings\All Users\Data aplikací\AVS4YOU
2008-09-21 20:29 --------- d-----w c:\program files\Common Files\ParallelGraphics
2008-09-18 17:41 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-18 17:41 --------- d--h--r c:\documents and settings\Jirka\Data aplikací\SecuROM
2008-09-15 15:40 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-13 17:32 --------- d-----w c:\documents and settings\Jirka\Data aplikací\CyberLink
2008-09-11 20:47 --------- d-----w c:\documents and settings\Jirka\Data aplikací\PCF-VLC
2008-09-11 20:40 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Participatory Culture Foundation
2008-09-10 12:56 --------- d-----w c:\program files\Logitech
2008-09-10 12:56 --------- d-----w c:\program files\Common Files\Logitech
2008-09-09 20:10 --------- d-----w c:\documents and settings\Jirka\Data aplikací\URSoft
2008-09-09 20:01 --------- d-----w c:\documents and settings\Jirka\Data aplikací\uTorrent
2008-09-09 11:20 --------- d-----w c:\documents and settings\Jirka\Data aplikací\BitSpirit
2008-09-08 15:38 --------- d-----w c:\program files\CyberLink
2008-09-08 15:37 505,392 ----a-w c:\windows\system32\msvcp71.dll
2008-09-08 14:38 67,072 ----a-w c:\windows\system32\realbap1.dll
2008-09-08 12:51 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Sony
2008-09-08 09:57 --------- d-----w c:\program files\Java
2008-09-08 09:56 --------- d-----w c:\program files\Common Files\Java
2008-09-05 17:30 --------- d-----w c:\documents and settings\Jirka\Data aplikací\IrfanView
2008-09-05 16:37 --------- d-----w c:\documents and settings\Jirka\Data aplikací\EPSON
2008-09-05 16:32 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-05 16:29 --------- d-----w c:\documents and settings\All Users\Data aplikací\UDL
2008-09-05 16:28 --------- d-----w c:\program files\epson
2008-09-05 16:01 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-09-05 16:00 --------- d-----w c:\program files\MSBuild
2008-09-05 16:00 --------- d-----w c:\program files\Microsoft Works
2008-09-05 15:59 --------- d-----w c:\program files\Microsoft.NET
2008-09-05 15:57 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-09-05 15:50 674,600 ----a-w c:\windows\system32\pbsvc.exe
2008-09-05 14:50 491,520 ----a-w c:\windows\WebIE.dll
2008-09-05 14:50 45,056 ----a-w c:\windows\TRNOEH.DLL
2008-09-05 14:50 356,352 ----a-w c:\windows\TrnOutl.dll
2008-09-05 14:50 294,912 ----a-w c:\windows\TrnWord.dll
2008-09-05 14:50 26,624 ----a-w c:\windows\OETRN.EXE
2008-09-05 14:50 200,704 ----a-w c:\windows\TRNOET.DLL
2008-09-05 14:39 --------- d-----w c:\documents and settings\All Users\Data aplikací\CyberLink
2008-09-03 16:06 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2008-09-03 16:06 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2008-09-03 15:37 737,280 ----a-w c:\windows\iun6002.exe
2008-09-01 13:50 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-08-28 17:50 60,416 ----a-w c:\windows\ALCFDRTM.EXE
2008-08-20 05:38 660,480 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:46 2,182,528 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:46 2,059,904 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-05_19.45.16.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-05 18:36:21 70,106 ----a-w c:\windows\system32\perfc005.dat
+ 2008-11-05 18:46:02 70,106 ----a-w c:\windows\system32\perfc005.dat
- 2008-11-05 18:36:21 59,576 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-05 18:46:02 59,576 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-05 18:36:21 393,192 ----a-w c:\windows\system32\perfh005.dat
+ 2008-11-05 18:46:02 393,192 ----a-w c:\windows\system32\perfh005.dat
- 2008-11-05 18:36:21 395,336 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-05 18:46:02 395,336 ----a-w c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18BF432C-DBA1-4596-97C0-53EB14188BBE}]
2004-08-17 15:49 93184 --a------ c:\windows\system32\cmsetAC.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"ConMet"="c:\program files\ConMet\ConMet.exe" [2008-11-03 3590144]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2002-07-05 c:\windows\mHotkey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\antivir\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 c:\program files\Antivir\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 d:\adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX6000 Series]
--a------ 2006-02-13 05:00 131072 c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 15:21 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NodLogin]
--a------ 2008-08-23 03:22 611376 c:\program files\ESET\ESET Smart Security\nodlogin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 01:08 2512392 c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-02-07 15:24 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-03-12 23:28 1481968 c:\program files\Antivir\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"O&O Defrag"=2 (0x2)
"bgsvcgen"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\uTorrent\\utorrent.exe"=
"d:\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\WinPcap\\rpcapd.exe"=
"d:\\Video-programy\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"d:\\Video-programy\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"d:\\Video-programy\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"e:\\Baja 1000\\Baja.exe"=

R0 gjhflfpd;gjhflfpd;c:\windows\system32\drivers\gjhflfpd.sys [2001-10-25 23424]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51 13560]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2004-08-17 14336]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;c:\windows\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [ ]
S3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-09-01 306432]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;c:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4b51801-7532-11dd-b0cc-806d6172696f}]
\Shell\AutoRun\command - H:\Setup.exe

*Newly Created Service* - CATCHME
.
Obsah adresáře 'Naplánované úlohy'

2008-09-26 c:\windows\Tasks\1-Click Maintenance.job
- d:\test-programy\TuneUp Utilities 2008\OneClick.exe [2007-12-28 13:49]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 20:02:45
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Antivir\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Antivir\a-squared Free\a2service.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2008-11-05 20:05:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-11-05 19:05:44
ComboFix2.txt 2008-11-05 18:45:44

Před spuštěním: 8 417 452 032
Po spuštění: 8,406,691,840

306 --- E O F --- 2008-10-27 21:13:30

--------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:36, on 5.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Antivir\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Antivir\a-squared Free\a2service.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ConMet\ConMet.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Antivir\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {18BF432C-DBA1-4596-97C0-53EB14188BBE} - C:\WINDOWS\system32\cmsetAC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ConMet] C:\Program Files\ConMet\ConMet.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\antivir\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\Antivir\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Antivir\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

[jaro3]

Stahni jsi Avanger
do něj podle navodu: http://www.viry.cz/forum/viewtopic.php?t=19832%20.
zadej prikaz z kodu:

Kód: Vybrat vše

Files to delete:
c:\windows\system32\cmsetac.dll


po restartu novy log z avengeru, stejne tak si zopakuj Combofix, budeme pokracovat.

[strelec3751]

Tak tady jsou nové logy

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "c:\windows\system32\cmsetac.dll"
Deletion of file "c:\windows\system32\cmsetac.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

ComboFix 08-11-04.02 - Jirka 2008-11-05 20:59:30.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.700 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirka\Plocha\cfscript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
c:\windows\iun6002.exe
c:\windows\system32\cmsetAC.dll
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\iun6002.exe
c:\windows\system32\cmsetAC.dll . . . . nemohl být smazán

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PARTIZAN
-------\Legacy_REGGUARD
-------\Service_Partizan
-------\Service_RegGuard


((((((((((((((((((((((((( Soubory vytvořené od 2008-10-05 do 2008-11-05 )))))))))))))))))))))))))))))))
.

2008-11-05 18:42 . 2008-11-05 18:42 382 --a------ c:\windows\wininit.ini
2008-11-05 17:53 . 2008-11-05 18:43 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-11-05 17:47 . 2008-11-05 17:47 <DIR> d-------- c:\program files\Enigma Software Group
2008-11-05 16:34 . 2008-11-05 16:34 <DIR> d-a------ c:\windows\zts2.exe
2008-11-05 16:34 . 2008-11-05 16:34 <DIR> d-a------ c:\windows\system32\vcmgcd32.dll
2008-11-05 16:34 . 2008-11-05 16:34 <DIR> d-a------ c:\windows\system32\iifgfgf.dll
2008-11-05 16:34 . 2008-11-05 16:34 <DIR> d-a------ c:\windows\rundll16.exe
2008-11-05 16:34 . 2008-11-05 16:34 <DIR> d-a------ c:\windows\rundl132.dll
2008-11-05 16:34 . 2008-11-05 16:34 <DIR> d-a------ c:\windows\logo1_.exe
2008-11-05 16:28 . 2008-11-05 16:36 250 --a------ c:\windows\gmer.ini
2008-11-05 15:53 . 2008-11-05 15:53 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\Malwarebytes
2008-11-05 15:53 . 2008-11-05 15:53 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-05 15:44 . 2008-11-05 20:36 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\SUPERAntiSpyware.com
2008-11-05 15:44 . 2008-11-05 15:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2008-11-05 14:22 . 2008-11-05 14:23 2,793,917 --a------ c:\windows\system32\VDSFNKPXVN
2008-11-05 12:21 . 2008-11-05 12:21 43 --a------ c:\windows\system32\Partizan.RRI
2008-11-05 11:56 . 2008-11-05 11:56 <DIR> d-------- c:\windows\RestoreSafeDeleted
2008-11-04 20:57 . 2008-11-04 20:57 82 --a------ c:\windows\SILCOM_P.INI
2008-11-04 17:53 . 1996-02-14 14:01 92,208 --a------ c:\windows\system32\WING.DLL
2008-11-04 17:53 . 1996-02-14 14:01 12,800 --a------ c:\windows\system32\WING32.DLL
2008-11-04 17:49 . 1996-02-14 14:01 188,960 --a------ c:\windows\system\WINGDE.DLL
2008-11-04 17:49 . 1996-02-14 14:01 92,208 --a------ c:\windows\system\WING.DLL
2008-11-04 17:49 . 1998-09-02 12:43 81,920 --a------ c:\windows\system\LZSCMPRS.DLL
2008-11-04 17:49 . 1996-02-14 14:01 12,800 --a------ c:\windows\system\WING32.DLL
2008-11-04 17:49 . 1996-02-14 14:01 6,736 --a------ c:\windows\system\WINGDIB.DRV
2008-11-04 17:49 . 1996-02-14 14:01 5,024 --a------ c:\windows\system\WINGPAL.WND
2008-11-04 17:49 . 1996-02-14 14:01 1,966 --a------ c:\windows\system\DVA.386
2008-11-04 17:47 . 1996-11-05 16:19 247,648 --a------ c:\windows\UNINST16.EXE
2008-11-04 17:47 . 1995-07-13 18:43 26,768 --a------ c:\windows\system\CTL3D.DLL
2008-11-04 17:47 . 2008-11-04 18:15 230 --a------ c:\windows\compedia.ini
2008-10-31 21:41 . 2008-10-31 21:41 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\DivX
2008-10-31 21:37 . 2008-10-31 21:37 <DIR> d-------- c:\program files\proDAD
2008-10-31 21:37 . 2008-11-05 19:37 <DIR> d-------- c:\program files\LooksBuilderSE
2008-10-31 21:37 . 2008-10-31 21:37 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\proDAD
2008-10-31 21:37 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2008-10-31 21:36 . 2008-10-31 23:10 <DIR> d-------- c:\program files\Boris FX, Inc
2008-10-31 21:36 . 2003-06-26 10:04 237,568 -ra------ c:\windows\system32\qtmlClient.dll
2008-10-31 21:36 . 2003-07-01 16:49 69,632 --a------ c:\windows\system32\MtxPreview.dll
2008-10-31 21:36 . 2003-07-01 16:49 49,152 --a------ c:\windows\system32\MtxParhBFXPreview.dll
2008-10-31 21:36 . 2003-01-20 09:08 49,152 --a------ c:\windows\system32\CvoAPI.dll
2008-10-31 21:36 . 2003-07-09 10:43 45,056 --a------ c:\windows\system32\BFXSrcFilter.ax
2008-10-31 21:36 . 2008-10-31 23:18 2,689 --a------ c:\windows\Graffiti5.2Pin.ini
2008-10-31 21:32 . 2008-10-31 21:32 <DIR> d-------- c:\program files\Common Files\Pinnacle
2008-10-31 21:32 . 2005-09-23 23:18 171,520 --a------ c:\windows\system32\drivers\MarvinBus.sys
2008-10-31 21:31 . 2008-10-31 22:05 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Pinnacle Studio Ultimate
2008-10-31 21:31 . 2008-10-31 22:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikac
2008-10-31 21:28 . 2008-10-31 21:35 <DIR> d-------- c:\program files\Pinnacle
2008-10-31 21:28 . 2008-10-31 21:28 <DIR> d-------- c:\program files\Common Files\Yahoo!
2008-10-31 21:28 . 2008-10-31 21:28 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Studio 12
2008-10-31 21:28 . 2008-10-31 21:28 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Pinnacle Studio Plus
2008-10-31 21:22 . 2008-10-31 23:23 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Pinnacle
2008-10-31 20:48 . 2008-10-31 20:49 <DIR> d-------- c:\documents and settings\Jirka\Data aplikací\Media Player Classic
2008-10-31 11:43 . 2008-10-31 11:43 459,857 --a------ C:\bookmarks 31.10.2008.html
2008-10-20 16:06 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2008-10-20 16:06 . 2004-03-09 16:45 440,352 --a------ c:\windows\system32\MSHFLXGD.OCX
2008-10-20 16:06 . 2004-03-09 16:45 224,016 --a------ c:\windows\system32\TABCTL32.OCX
2008-10-20 16:06 . 2004-03-09 16:45 212,240 --a------ c:\windows\system32\RICHTX32.OCX
2008-10-20 16:06 . 1998-06-26 21:22 205,848 --a------ c:\windows\system32\threed32.ocx
2008-10-20 16:06 . 2004-03-09 16:45 167,968 --a------ c:\windows\system32\MSMASK32.OCX
2008-10-20 16:06 . 1999-08-11 14:21 129,024 --a------ c:\windows\system32\VDGT.ocx
2008-10-20 16:06 . 1998-06-26 21:22 84,000 --a------ c:\windows\system32\msoutl32.ocx
2008-10-20 16:06 . 1998-06-23 20:57 67,376 --a------ c:\windows\system32\SYSINFO.OCX
2008-10-20 16:06 . 1998-06-26 21:22 57,880 --a------ c:\windows\system32\spin32.ocx
2008-10-20 15:56 . 2008-10-20 15:56 459,687 --a------ C:\bookmarks20.10.2008.html
2008-10-19 12:33 . 2008-10-19 12:33 <DIR> d-------- c:\program files\Ubi Soft
2008-10-19 12:33 . 2002-12-18 09:23 140,488 -ra------ c:\windows\system32\comdlg32.ocx
2008-10-19 12:33 . 2002-12-18 09:23 115,016 -ra------ c:\windows\system32\MSINET.OCX
2008-10-19 12:33 . 2002-12-18 09:23 89,360 -ra------ c:\windows\system32\VB5DB.DLL
2008-10-19 12:33 . 2002-12-18 09:23 69,632 -ra------ c:\windows\system32\xmltok.dll
2008-10-19 12:33 . 2002-12-18 09:23 36,864 -ra------ c:\windows\system32\xmlparse.dll
2008-10-19 12:33 . 2002-12-18 09:23 35,840 -ra------ c:\windows\system32\comdlg32.oca
2008-10-19 12:33 . 2002-12-18 22:20 26,096 -ra------ c:\windows\system32\xmlinst.exe
2008-10-13 21:46 . 2008-10-31 21:32 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-10-13 21:46 . 2008-10-13 21:46 <DIR> d-------- c:\windows\system32\AGEIA
2008-10-13 21:46 . 2008-10-13 21:46 <DIR> d-------- c:\program files\AGEIA Technologies
2008-10-13 21:46 . 2004-08-17 15:49 93,184 --a------ c:\windows\system32\cmsetAC.dll
2008-10-05 19:48 . 2008-10-05 19:48 <DIR> d-------- c:\program files\IMSI
2008-10-05 11:59 . 2008-10-05 11:59 93 --a------ c:\windows\ALIK.INI
2008-10-05 11:57 . 2008-11-04 20:56 253,952 --------- c:\windows\Setup1.exe
2008-10-05 11:57 . 2008-11-04 20:56 73,728 --a------ c:\windows\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 20:02 --------- d-----w c:\documents and settings\Jirka\Data aplikací\ConMet
2008-11-05 20:02 --------- d-----w c:\documents and settings\All Users\Data aplikací\ConMet
2008-11-05 19:39 --------- d-----w c:\program files\Antivir
2008-11-05 19:38 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-11-05 19:36 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-03 19:22 --------- d-----w c:\program files\ConMet
2008-10-31 21:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2008-10-31 20:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 14:18 59,488 ----a-w c:\windows\system32\GenSvcInst.exe
2008-10-31 10:36 --------- d-----w c:\program files\Mozilla Firefox3
2008-10-05 18:17 --------- d-----w c:\program files\ESET
2008-10-04 16:10 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Leadertech
2008-09-29 12:47 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Ubisoft
2008-09-29 12:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ubisoft
2008-09-26 12:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Hyperballoid2
2008-09-26 12:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Alawar Stargaze
2008-09-22 20:15 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Wireshark
2008-09-22 20:12 --------- d-----w c:\program files\WinPcap
2008-09-22 20:05 --------- d-----w c:\program files\Common Files\AVSMedia
2008-09-22 20:02 --------- d-----w c:\documents and settings\All Users\Data aplikací\AVS4YOU
2008-09-21 20:29 --------- d-----w c:\program files\Common Files\ParallelGraphics
2008-09-18 17:41 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-18 17:41 --------- d--h--r c:\documents and settings\Jirka\Data aplikací\SecuROM
2008-09-15 15:40 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-13 17:32 --------- d-----w c:\documents and settings\Jirka\Data aplikací\CyberLink
2008-09-11 20:47 --------- d-----w c:\documents and settings\Jirka\Data aplikací\PCF-VLC
2008-09-11 20:40 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Participatory Culture Foundation
2008-09-10 12:56 --------- d-----w c:\program files\Logitech
2008-09-10 12:56 --------- d-----w c:\program files\Common Files\Logitech
2008-09-09 20:10 --------- d-----w c:\documents and settings\Jirka\Data aplikací\URSoft
2008-09-09 20:01 --------- d-----w c:\documents and settings\Jirka\Data aplikací\uTorrent
2008-09-09 11:20 --------- d-----w c:\documents and settings\Jirka\Data aplikací\BitSpirit
2008-09-08 15:38 --------- d-----w c:\program files\CyberLink
2008-09-08 15:37 505,392 ----a-w c:\windows\system32\msvcp71.dll
2008-09-08 14:38 67,072 ----a-w c:\windows\system32\realbap1.dll
2008-09-08 12:51 --------- d-----w c:\documents and settings\Jirka\Data aplikací\Sony
2008-09-08 09:57 --------- d-----w c:\program files\Java
2008-09-08 09:56 --------- d-----w c:\program files\Common Files\Java
2008-09-05 17:30 --------- d-----w c:\documents and settings\Jirka\Data aplikací\IrfanView
2008-09-05 16:37 --------- d-----w c:\documents and settings\Jirka\Data aplikací\EPSON
2008-09-05 16:32 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-05 16:29 --------- d-----w c:\documents and settings\All Users\Data aplikací\UDL
2008-09-05 16:28 --------- d-----w c:\program files\epson
2008-09-05 16:01 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-09-05 16:00 --------- d-----w c:\program files\MSBuild
2008-09-05 16:00 --------- d-----w c:\program files\Microsoft Works
2008-09-05 15:59 --------- d-----w c:\program files\Microsoft.NET
2008-09-05 15:57 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-09-05 15:50 674,600 ----a-w c:\windows\system32\pbsvc.exe
2008-09-05 14:50 491,520 ----a-w c:\windows\WebIE.dll
2008-09-05 14:50 45,056 ----a-w c:\windows\TRNOEH.DLL
2008-09-05 14:50 356,352 ----a-w c:\windows\TrnOutl.dll
2008-09-05 14:50 294,912 ----a-w c:\windows\TrnWord.dll
2008-09-05 14:50 26,624 ----a-w c:\windows\OETRN.EXE
2008-09-05 14:50 200,704 ----a-w c:\windows\TRNOET.DLL
2008-09-05 14:39 --------- d-----w c:\documents and settings\All Users\Data aplikací\CyberLink
2008-09-03 16:06 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2008-09-03 16:06 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2008-09-01 13:50 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-08-28 17:50 60,416 ----a-w c:\windows\ALCFDRTM.EXE
2008-08-20 05:38 660,480 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:46 2,182,528 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:46 2,059,904 ----a-w c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18BF432C-DBA1-4596-97C0-53EB14188BBE}]
2004-08-17 15:49 93184 --a------ c:\windows\system32\cmsetAC.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"ConMet"="c:\program files\ConMet\ConMet.exe" [2008-11-03 3590144]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 d:\adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2007-12-21 07:21 1443072 c:\program files\ESET\ESET Smart Security\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX6000 Series]
--a------ 2006-02-13 05:00 131072 c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 15:21 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NodLogin]
--a------ 2008-08-23 03:22 611376 c:\program files\ESET\ESET Smart Security\nodlogin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 01:08 2512392 c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-02-07 15:24 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2008-04-04 10:38 88584 c:\program files\Logitech\Gaming Software\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2002-07-05 15:37 491008 c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"O&O Defrag"=2 (0x2)
"bgsvcgen"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\uTorrent\\utorrent.exe"=
"d:\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\WinPcap\\rpcapd.exe"=
"d:\\Video-programy\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"d:\\Video-programy\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"d:\\Video-programy\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"e:\\Baja 1000\\Baja.exe"=

R0 gjhflfpd;gjhflfpd;c:\windows\system32\drivers\gjhflfpd.sys [2001-10-25 23424]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51 13560]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2004-08-17 14336]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;c:\windows\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-09-01 306432]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;c:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4b51801-7532-11dd-b0cc-806d6172696f}]
\Shell\AutoRun\command - H:\Setup.exe
.
Obsah adresáře 'Naplánované úlohy'

2008-09-26 c:\windows\Tasks\1-Click Maintenance.job
- d:\test-programy\TuneUp Utilities 2008\OneClick.exe [2007-12-28 13:49]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-SUPERAntiSpyware - c:\program files\antivir\SUPERAntiSpyware\SUPERAntiSpyware.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 21:02:10
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Antivir\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Celkový čas: 2008-11-05 21:04:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-11-05 20:04:52
ComboFix2.txt 2008-11-05 19:05:51

Před spuštěním: 8 476 110 848
Po spuštění: 8,431,632,384

284 --- E O F --- 2008-10-27 21:13:30

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:55, on 5.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Antivir\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Antivir\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {18BF432C-DBA1-4596-97C0-53EB14188BBE} - C:\WINDOWS\system32\cmsetAC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ConMet] C:\Program Files\ConMet\ConMet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Antivir\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

[jaro3]

Takže jsem se kouknul na zahraniční fóra a tam jim to šlo odmazat ComboFixem v nouzovém režimu, tak to zkus ještě jednou a deaktivuj předtím NOD32.

[strelec3751]

nepomohlo

[jaro3]

Tak to nevím, v NODu je pořád v karanténě? Zkusil bych NoD odinstalovat a pak to provést znovu. Koukni jestli není v karanténě i v Ad-Aware.Jinak mě napadá připojit HDD k jinému PC a pak smazat...
EDIT:No zkus si stáhnout bezplatný Avast!cleaner z adresy www.avast.cz Jen mimochodem při "čištění" tímto programem bys měl mít vypnutou rezidentní ochranu a nic na compu nedělat jinak se počítač může znova nakazit.
http://www.avast.cz/cze/down_cleaner.html

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
použij i T-Cleaner
http://www.sweb.cz/Marinus/T-Cleaner.exe
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

[jaro3]

Ještě jsem našel , jak to řešili zde:
http://en.allexperts.com/q/Computer-Sec ... jan-19.htm
Možná nebude na závadu použít i ten Dr.Web's CureIt
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

Run the utility and press the "Start" button in the opened window. Confirm the launch by pressing the "OK" button and wait for the scanning results of the main memory and startup files. Select the Complete scan and press the "Start scanning" button on the scanner right.

When finished, please post me the ComboFix log located at C:\ComboFix.txt and also a fresh HJT scan log.

[strelec3751]

díky jdu to vyzkoušet

[strelec3751]

díky moc za radu ten dr.web... pomohl najít vir v jiném souboru (gjhflfpd.sys) a po je smazání šel smáznout i ten cmsetAC.dll. Ještě jednou dík

[jaro3]

Není zač, jsem rád , že se to vyřešilo.