PC-HELP.CZ

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:31, on 12.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Samurize\Client.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\MsiExec.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tomáš\Plocha\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bitcomet.com/
O2 - BHO: (no name) - {0BBDE44C-079B-4E03-B1F5-45A16691F551} - (no file)
O2 - BHO: ICHlprObj Class - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\PROGRA~1\ALADDI~1\INTERN~1\IC3hlpr.dll
O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRA~1\ALADDI~1\INTERN~1\PopFiltr.dll
O2 - BHO: (no name) - {2AE66C8E-D2EB-4256-A5F9-F02DD25C07AA} - (no file)
O2 - BHO: (no name) - {3E238016-2886-4A24-9EEE-DF90C74C61CB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {588C7B62-DB2A-4ECC-BE87-0ECDC553054E} - (no file)
O2 - BHO: (no name) - {7590549B-B0F1-4929-8BBD-E02B56C5622C} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {81219520-EA09-4E31-9F0B-55A1EB62374E} - (no file)
O2 - BHO: (no name) - {8C909D5C-1FDE-4724-B4EA-D424EDDEAC0C} - (no file)
O2 - BHO: (no name) - {96292847-2CCA-4667-9D03-9158EB618D42} - (no file)
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O2 - BHO: (no name) - {C7E419CB-E54C-4563-BF49-F4A11E64DD4E} - (no file)
O2 - BHO: (no name) - {CBD5B252-BBE3-424C-87C6-D2B8C2FDB7F2} - C:\WINDOWS\system32\vtutq.dll
O2 - BHO: (no name) - {DFB13717-B443-4AD1-AD64-F08D761889A9} - (no file)
O2 - BHO: (no name) - {E5032733-F294-4A28-B7C8-DFF90B4A5BD8} - (no file)
O2 - BHO: (no name) - {F501C2AB-834A-4B9D-A86B-A1EADA760B00} - C:\WINDOWS\system32\cbxuvsp.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [d0ddf406] rundll32.exe "C:\WINDOWS\system32\hxmsnoas.dll",b
O4 - HKLM\..\Run: [BMd3eec79a] Rundll32.exe "C:\WINDOWS\system32\ufcfdfsq.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [gamma] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [DDriver] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\z_Drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [beta] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechny FlashGetem - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O20 - Winlogon Notify: cbxuvsp - cbxuvsp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 7238 bytes

log prosím i s hlavičkou
a po něm rovnou
log z
SDFIX
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah

a i log z combofixu bude asi třeba (před skenem vypni štít Spybotu)
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Takže tady je log z SDFIXu:

SDFix: Version 1.169
Run by Tom ç on so 12.04.2008 at 12:19

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CNCS32.DLL - Deleted
C:\WINDOWS\Temp\ms-6E.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 12:33:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 Systém nemůže nalézt uvedený soubor.
scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Tom ç\\Data aplikacˇ\\U3\\0000187B85733443\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe"="C:\\Documents and Settings\\Tom ç\\Data aplikacˇ\\U3\\0000187B85733443\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Tom ç\Data aplikacˇ\U3\temp\Launchpad Removal.exe"

Finished!

A tady je log z ComboFixu:

ComboFix 08-04-11.7 - Tomáš 2008-04-12 12:50:35.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.247 [GMT 2:00]
Running from: C:\Documents and Settings\Tomáš\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aanyctwr.dll
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\crabdjjt.dll
C:\WINDOWS\system32\cuwareuf.dll
C:\WINDOWS\system32\djisnagp.dll
C:\WINDOWS\system32\drnhtprx.dll
C:\WINDOWS\system32\fuerawuc.ini
C:\WINDOWS\system32\gygtamjb.dll
C:\WINDOWS\system32\ihwhyylt.dll
C:\WINDOWS\system32\juvlhjdl.ini
C:\WINDOWS\system32\kynfbhce.dll
C:\WINDOWS\system32\ldjhlvuj.dll
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini2
C:\WINDOWS\system32\pgansijd.ini
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\qtutv.ini2
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rwtcynaa.ini
C:\WINDOWS\system32\tgpfdioh.dll
C:\WINDOWS\system32\tjjdbarc.ini
C:\WINDOWS\system32\twjrmtwd.dll
C:\WINDOWS\system32\ufcfdfsq.dll
C:\WINDOWS\system32\vtutq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSDIRECT


((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-12 12:11 . 2008-04-12 12:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-12 11:42 . 2008-04-12 12:39 <DIR> d-------- C:\SDFix
2008-04-12 11:41 . 2008-04-12 11:41 1,418,507 --a------ C:\SDFix.exe
2008-04-12 10:22 . 2008-04-12 10:22 <DIR> d-------- C:\Program Files\Macromedia
2008-04-12 10:22 . 2008-04-12 10:22 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-04-11 21:51 . 2008-04-11 21:51 3,648 --a------ C:\WINDOWS\system32\qpdlafvy.dll
2008-04-11 21:05 . 2008-04-11 21:05 0 --a------ C:\WINDOWS\BMd3eec79a.xml
2008-04-10 21:07 . 2008-04-11 21:51 594 ---hs---- C:\WINDOWS\system32\saonsmxh.ini
2008-04-10 21:04 . 2008-04-10 21:04 3,648 --a------ C:\WINDOWS\system32\rtppytii.dll
2008-04-09 21:03 . 2008-04-09 21:03 3,648 --a------ C:\WINDOWS\system32\tyrmmmma.dll
2008-04-09 20:03 . 2008-04-09 20:03 <DIR> d-------- C:\z_Drivers
2008-04-09 18:56 . 2008-04-09 18:56 3,648 --a------ C:\WINDOWS\system32\xfnwqdcr.dll
2008-04-08 17:04 . 2008-04-08 17:04 3,648 --a------ C:\WINDOWS\system32\qejibtpq.dll
2008-04-07 16:57 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-07 16:57 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-30 15:45 . 2008-03-30 15:45 6 --a------ C:\tw0001.dat
2008-03-30 15:34 . 2008-04-07 16:51 <DIR> d-------- C:\Program Files\Bonjour
2008-03-30 15:09 . 2008-03-30 15:09 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-30 14:32 . 2008-04-10 20:28 <DIR> d-------- C:\Program Files\PowerISO
2008-03-30 14:11 . 2008-04-07 16:52 <DIR> d-------- C:\Program Files\free-downloads.net
2008-03-30 14:11 . 2008-03-30 14:11 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-03-29 14:19 . 2008-03-29 14:25 416 --a------ C:\WINDOWS\wcx_ftp.ini
2008-03-26 17:13 . 2008-03-26 17:13 1,854 --ahs---- C:\WINDOWS\system32\jaskvywk.ini
2008-03-25 14:17 . 2008-03-26 17:11 1,794 --ahs---- C:\WINDOWS\system32\xidvlklc.ini
2008-03-24 11:35 . 2008-03-25 14:11 1,554 --ahs---- C:\WINDOWS\system32\dsrfkwhn.ini
2008-03-23 11:28 . 2008-03-24 11:28 1,194 --ahs---- C:\WINDOWS\system32\ckfwkbug.ini
2008-03-22 11:17 . 2008-03-23 11:25 1,074 --ahs---- C:\WINDOWS\system32\ycvkjalp.ini
2008-03-20 22:51 . 2008-03-22 11:14 774 --ahs---- C:\WINDOWS\system32\vlnwiyhg.ini
2008-03-20 15:24 . 2008-03-20 15:30 <DIR> d-------- C:\Program Files\The KMPlayer
2008-03-20 09:25 . 2008-03-20 09:25 294 --ahs---- C:\WINDOWS\system32\lnpgeqib.ini
2008-03-18 17:39 . 2008-03-18 17:39 294 --ahs---- C:\WINDOWS\system32\ajypmtqw.ini
2008-03-16 21:29 . 2008-03-16 21:30 <DIR> d-------- C:\EasyBoot
2008-03-16 20:40 . 2008-03-16 20:41 <DIR> d-------- C:\REATOGO-240
2008-03-16 19:59 . 2006-08-21 13:16 <DIR> d-------- C:\Program Files\REATOGO-240

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 10:09 2,075 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-04-11 19:00 --------- d-----w C:\Program Files\FlashGet
2008-04-09 17:44 --------- d-----w C:\Program Files\Kool Musik
2008-03-30 13:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 -c--a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-28 15:16 --------- d-----w C:\Program Files\PSPad editor
2008-03-12 19:41 --------- d-----w C:\Program Files\RocketDock
2008-03-04 17:45 --------- d-----w C:\Program Files\Samurize
2008-03-01 12:04 --------- d-----w C:\Program Files\Burn4Free
2008-03-01 11:39 --------- d-----w C:\Program Files\Nokia
2008-03-01 11:35 --------- d-----w C:\Program Files\PVD15
2008-02-29 14:35 --------- d-----w C:\Program Files\Memory Max
2008-02-27 18:53 --------- d-----w C:\Program Files\iTunes
2008-02-24 19:37 --------- d-----w C:\Program Files\MoRUN.net
2008-02-24 16:09 --------- d-----w C:\Program Files\RadarSync
2008-02-24 12:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-13 16:00 --------- d-----w C:\Program Files\DivX
2008-02-07 14:41 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-07 14:41 249,856 ------w C:\WINDOWS\Setup1.exe
.

------- Sigcheck -------

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BBDE44C-079B-4E03-B1F5-45A16691F551}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AE66C8E-D2EB-4256-A5F9-F02DD25C07AA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E238016-2886-4A24-9EEE-DF90C74C61CB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{588C7B62-DB2A-4ECC-BE87-0ECDC553054E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7590549B-B0F1-4929-8BBD-E02B56C5622C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81219520-EA09-4E31-9F0B-55A1EB62374E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A9143AE-26B7-4F79-8F6F-DFB085727DFD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C909D5C-1FDE-4724-B4EA-D424EDDEAC0C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96292847-2CCA-4667-9D03-9158EB618D42}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7E419CB-E54C-4563-BF49-F4A11E64DD4E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DFB13717-B443-4AD1-AD64-F08D761889A9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5032733-F294-4A28-B7C8-DFF90B4A5BD8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F501C2AB-834A-4B9D-A86B-A1EADA760B00}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"SystemDriverLoad"="" []
"alpha"="c:\z_Drivers\svchost.exe" [2008-04-09 20:03 198144]
"beta"="c:\z_Drivers\svchost.exe" [2008-04-09 20:03 198144]
"gamma"="c:\z_Drivers\svchost.exe" [2008-04-09 20:03 198144]
"SystemDriver"="" []
"ADriver"="" []
"CDriver"="c:\z_Drivers\svchost.exe" [2008-04-09 20:03 198144]
"DDriver"="c:\z_Drivers\svchost.exe" [2008-04-09 20:03 198144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 09:05 217088]
"d0ddf406"="C:\WINDOWS\system32\hxmsnoas.dll" [ ]
"BMd3eec79a"="C:\WINDOWS\system32\ufcfdfsq.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuvsp]
cbxuvsp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 10:10 2007088 C:\PROGRA~1\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"MySQL"=2 (0x2)
"iPod Service"=3 (0x3)
"BlueSoleil Hid Service"=2 (0x2)
"Apache2"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13388:TCP"= 13388:TCP:BitComet 13388 TCP
"13388:UDP"= 13388:UDP:BitComet 13388 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 mxInsMon;mxInsMon;C:\PROGRA~1\ALADDI~1\INTERN~1\mxInsMon.sys [2007-09-29 17:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 18:52:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 13:04:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\dev\prog\mysql50\bin\mysqld-nt\" --defaults-file=\"C:\dev\prog\mysql50\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Samurize\Client.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-12 13:09:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-12 11:09:12
Adresářů: 25, Volných bajtů: 51,342,061,568
Adres ý…: 28, Volněch bajt…: 51,289,923,584

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu+nový log z hijackthis+ info jak se chová komp

Tak sem zkoušel udělat to co si mi poradil v poznámkovém bloku, ale vyhodilo mi to tady tu hlášku:

CFScript Name error
Were you trying to run CFScript?
The name, CFScript appears to be incorrectly spelt

vytvořil jsi opravdu ten texťák přesně podle návodu?

zkusme to znova
použijT-Cleaner smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

potom znova stáhni combofix na plochu
postupuj znovu přesně podle návodu na vytvoření skriptu,znovu ho použij a znovu před použitím vypni Spybot

Tak už to funguje... po tom co jsem spustil T-Cleaner... tady je teda log z ComboFixu:

ComboFix 08-04-11.8 - Tomáš 2008-04-12 15:31:47.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.194 [GMT 2:00]
Running from: C:\Documents and Settings\Tomáš\Plocha\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Tom ç\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-12 12:11 . 2008-04-12 12:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-12 11:42 . 2008-04-12 12:39 <DIR> d-------- C:\SDFix
2008-04-12 11:41 . 2008-04-12 11:41 1,418,507 --a------ C:\SDFix.exe
2008-04-12 10:22 . 2008-04-12 10:22 <DIR> d-------- C:\Program Files\Macromedia
2008-04-12 10:22 . 2008-04-12 10:22 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-04-11 21:51 . 2008-04-11 21:51 3,648 --a------ C:\WINDOWS\system32\qpdlafvy.dll
2008-04-11 21:05 . 2008-04-11 21:05 0 --a------ C:\WINDOWS\BMd3eec79a.xml
2008-04-10 21:07 . 2008-04-11 21:51 594 ---hs---- C:\WINDOWS\system32\saonsmxh.ini
2008-04-10 21:04 . 2008-04-10 21:04 3,648 --a------ C:\WINDOWS\system32\rtppytii.dll
2008-04-09 21:03 . 2008-04-09 21:03 3,648 --a------ C:\WINDOWS\system32\tyrmmmma.dll
2008-04-09 20:03 . 2008-04-09 20:03 <DIR> d-------- C:\z_Drivers
2008-04-09 18:56 . 2008-04-09 18:56 3,648 --a------ C:\WINDOWS\system32\xfnwqdcr.dll
2008-04-08 17:04 . 2008-04-08 17:04 3,648 --a------ C:\WINDOWS\system32\qejibtpq.dll
2008-04-07 16:57 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-07 16:57 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-30 15:45 . 2008-03-30 15:45 6 --a------ C:\tw0001.dat
2008-03-30 15:34 . 2008-04-07 16:51 <DIR> d-------- C:\Program Files\Bonjour
2008-03-30 15:09 . 2008-03-30 15:09 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-30 14:32 . 2008-04-10 20:28 <DIR> d-------- C:\Program Files\PowerISO
2008-03-30 14:11 . 2008-04-07 16:52 <DIR> d-------- C:\Program Files\free-downloads.net
2008-03-30 14:11 . 2008-03-30 14:11 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-03-29 14:19 . 2008-03-29 14:25 416 --a------ C:\WINDOWS\wcx_ftp.ini
2008-03-26 17:13 . 2008-03-26 17:13 1,854 --ahs---- C:\WINDOWS\system32\jaskvywk.ini
2008-03-25 14:17 . 2008-03-26 17:11 1,794 --ahs---- C:\WINDOWS\system32\xidvlklc.ini
2008-03-24 11:35 . 2008-03-25 14:11 1,554 --ahs---- C:\WINDOWS\system32\dsrfkwhn.ini
2008-03-23 11:28 . 2008-03-24 11:28 1,194 --ahs---- C:\WINDOWS\system32\ckfwkbug.ini
2008-03-22 11:17 . 2008-03-23 11:25 1,074 --ahs---- C:\WINDOWS\system32\ycvkjalp.ini
2008-03-20 22:51 . 2008-03-22 11:14 774 --ahs---- C:\WINDOWS\system32\vlnwiyhg.ini
2008-03-20 15:24 . 2008-03-20 15:30 <DIR> d-------- C:\Program Files\The KMPlayer
2008-03-20 09:25 . 2008-03-20 09:25 294 --ahs---- C:\WINDOWS\system32\lnpgeqib.ini
2008-03-18 17:39 . 2008-03-18 17:39 294 --ahs---- C:\WINDOWS\system32\ajypmtqw.ini
2008-03-16 21:29 . 2008-03-16 21:30 <DIR> d-------- C:\EasyBoot
2008-03-16 20:40 . 2008-03-16 20:41 <DIR> d-------- C:\REATOGO-240
2008-03-16 19:59 . 2006-08-21 13:16 <DIR> d-------- C:\Program Files\REATOGO-240

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 10:09 2,075 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-04-11 20:00 --------- d-----w C:\Documents and Settings\Tomáš\Data aplikací\OpenOffice.org2
2008-04-11 19:00 --------- d-----w C:\Program Files\FlashGet
2008-04-09 17:44 --------- d-----w C:\Program Files\Kool Musik
2008-03-30 13:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-29 22:54 --------- d-----w C:\Documents and Settings\Tomáš\Data aplikací\U3
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 -c--a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-28 15:16 --------- d-----w C:\Program Files\PSPad editor
2008-03-12 19:41 --------- d-----w C:\Program Files\RocketDock
2008-03-04 17:45 --------- d-----w C:\Program Files\Samurize
2008-03-01 12:04 --------- d-----w C:\Program Files\Burn4Free
2008-03-01 11:39 --------- d-----w C:\Program Files\Nokia
2008-03-01 11:35 --------- d-----w C:\Program Files\PVD15
2008-02-29 14:35 --------- d-----w C:\Program Files\Memory Max
2008-02-28 19:57 --------- d-----w C:\Documents and Settings\Tomáš\Data aplikací\ExportTool
2008-02-27 18:53 --------- d-----w C:\Program Files\iTunes
2008-02-24 19:44 --------- d-----w C:\Documents and Settings\Tomáš\Data aplikací\Bret Taylor
2008-02-24 19:37 --------- d-----w C:\Program Files\MoRUN.net
2008-02-24 16:57 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2008-02-24 16:09 --------- d-----w C:\Program Files\RadarSync
2008-02-24 14:03 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-02-24 12:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-13 16:00 --------- d-----w C:\Program Files\DivX
2008-02-07 14:41 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-07 14:41 249,856 ------w C:\WINDOWS\Setup1.exe
.

------- Sigcheck -------

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"SystemDriverLoad"="" []
"alpha"="c:\z_Drivers\svchost.exe" [2008-04-09 20:03 198144]
"beta"="c:\z_Drivers\svchost.exe" [2008-04-09 20:03 198144]
"gamma"="c:\z_Drivers\svchost.exe" [2008-04-09 20:03 198144]
"SystemDriver"="" []
"ADriver"="" []
"CDriver"="c:\z_Drivers\svchost.exe" [2008-04-09 20:03 198144]
"DDriver"="c:\z_Drivers\svchost.exe" [2008-04-09 20:03 198144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuvsp]
cbxuvsp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 10:10 2007088 C:\PROGRA~1\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"MySQL"=2 (0x2)
"iPod Service"=3 (0x3)
"BlueSoleil Hid Service"=2 (0x2)
"Apache2"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13388:TCP"= 13388:TCP:BitComet 13388 TCP
"13388:UDP"= 13388:UDP:BitComet 13388 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 mxInsMon;mxInsMon;C:\PROGRA~1\ALADDI~1\INTERN~1\mxInsMon.sys [2007-09-29 17:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 18:52:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 15:39:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\dev\prog\mysql50\bin\mysqld-nt\" --defaults-file=\"C:\dev\prog\mysql50\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
.

Počítač se mi zdá rychlejší, už se neseká jak se sekal a Avast mně neotravuje přítomností viru...
...tady dávám log z hijackthisu:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Tomáš\Plocha\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bitcomet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: ICHlprObj Class - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\PROGRA~1\ALADDI~1\INTERN~1\IC3hlpr.dll
O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRA~1\ALADDI~1\INTERN~1\PopFiltr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CHelper Class - {99A7C4DD-B2E6-4CA0-BB6E-737A61364155} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [gamma] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\z_Drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechny FlashGetem - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O9 - Extra 'Tools' menuitem: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\PROGRA~1\EUROTR~2\e2003i.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: cbxuvsp - cbxuvsp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 5138 bytes

ale já sem chtěl aby jsi zopakoval ten čistící proces a opravdu podrobně přečetl návod jak vytvořit ten texťák.
ještě se mi nestalo,že by šel sken combem a nešlo čištění. pokud to nepude,budu muset předělat skript pro jinej nástroj a to sem mi nechce!

ten komp je pořád zavirovanej!

S tim texťákem to už funguje...
to je ten přeposlední log... jinak zavirovanej je dost... je to znát na rychlosti kompu

takže čekám na log kterej vyběhne po tom čistícím procesu.