Zavirováno, prosím o kontrolu logu T-Cleaner nejde Vyřešeno

[jackm]

Ahoj, nedávno jsem tu byl, jenže teď mám zavirováno.
Avast po spuštění pc:

avast

Log z Malwarebytes:Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 5162

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.11.2010 11:36:49
mbam-log-2010-11-21 (11-36-49).txt

Typ skenu: Rychlý sken
Skenované objekty: 143335
Uplynulý čas: 4 minuta(y), 29 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\CTF (Trojan.Dluca) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9b71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Log HiJackThis:Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:41:05, on 21.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\nicelemon\Desktop\SkypePortable\App\Skype\Phone\Skype.exe
C:\Users\nicelemon\Desktop\SkypePortable\App\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\nicelemon\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\nicelemon\AppData\Roaming\svghost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 4330 bytes

Díky

[Reklama]

[bledulka]

Ahoj,
v mbamu to smaž.

Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano

- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.

[jackm]

Díky, mbam jsem smazal, pak dal nový sken a už bylo všude 0.
Proč se mi teď nezobrazuje Avast v Tray?(je zaplý)
Proč jsi mi neřekl, že mi to smaže savy a nastavení(něco jako cleaner), pracně nahraný CoD4 level je fuč, to sand není možné.
ComboFix 10-11-20.06 - nicelemon 21.11.2010 12:45:14.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2047.1367 [GMT 1:00]
Spuštěný z: c:\users\nicelemon\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\My.ini
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-21 do 2010-11-21 )))))))))))))))))))))))))))))))
.

2010-11-21 11:49 . 2010-11-21 11:49 -------- d-----w- c:\users\nicelemon\AppData\Local\temp
2010-11-21 11:49 . 2010-11-21 11:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-21 10:31 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-21 10:31 . 2010-11-21 10:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-21 10:31 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-19 17:03 . 2010-11-21 10:49 234984 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-19 13:51 . 2010-11-19 13:51 -------- d-----w- c:\users\nicelemon\AppData\Local\PunkBuster
2010-11-19 13:33 . 2010-11-21 10:49 234984 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-19 13:33 . 2010-11-21 10:49 234984 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-11-19 13:33 . 2010-11-20 22:54 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-19 13:29 . 2010-11-19 13:29 -------- d-----w- c:\program files\Activision
2010-11-18 12:23 . 2010-11-18 12:23 -------- d-----w- c:\users\nicelemon\AppData\Local\2K Games
2010-11-17 19:43 . 2010-11-17 19:43 -------- d-----w- c:\program files\OGG To MP3 Plus
2010-11-17 14:46 . 2010-11-17 14:50 -------- d-----w- c:\users\nicelemon\AppData\Roaming\IcoFX
2010-11-17 14:46 . 2010-11-17 14:46 -------- d-----w- c:\program files\IcoFX 1.6
2010-11-16 18:21 . 2003-06-03 16:49 172032 ----a-w- c:\windows\system32\cddareader1.ax
2010-11-16 18:21 . 2010-11-16 18:22 -------- d-----w- c:\program files\Potaro
2010-11-14 16:25 . 2010-11-17 13:20 -------- d-----w- C:\www
2010-11-10 19:09 . 2010-11-10 19:11 -------- d-----w- c:\users\nicelemon\AppData\Roaming\PhotoFiltre Studio X
2010-11-10 19:09 . 2010-11-10 19:09 -------- d-----w- c:\program files\PhotoFiltre Studio X
2010-11-07 17:55 . 2003-02-27 15:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-11-07 17:55 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-11-07 17:55 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-11-07 17:55 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-11-07 17:55 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-11-07 17:55 . 2010-11-07 17:55 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-11-07 17:55 . 2010-11-07 17:55 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-11-07 14:50 . 2010-11-07 14:51 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-11-07 14:50 . 2010-11-07 14:50 -------- d-----w- c:\program files\backburner 2
2010-11-07 14:50 . 2010-11-07 14:51 -------- d-----w- c:\program files\3DS_MAXy
2010-11-07 14:44 . 2010-11-07 14:47 -------- d-----w- c:\program files\EasyPHP5.2.10
2010-11-07 13:36 . 2010-11-07 14:50 -------- d-----w- c:\programdata\Autodesk
2010-11-07 13:34 . 2010-11-07 13:46 -------- d-----w- c:\program files\Autodesk
2010-11-07 13:34 . 2010-11-07 13:46 -------- d-----w- c:\users\nicelemon\AppData\Local\Autodesk
2010-11-07 13:33 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-11-05 22:04 . 2010-11-17 16:12 -------- d-----w- c:\users\nicelemon\AppData\Local\Adobe
2010-11-05 18:35 . 2010-11-05 18:35 -------- d-----w- c:\program files\CrystalDiskInfo
2010-11-03 18:17 . 2010-11-03 18:17 -------- d-----w- c:\users\nicelemon\AppData\Local\CrashRpt
2010-11-01 21:06 . 2010-11-01 21:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-11-01 18:53 . 2010-11-01 18:53 -------- d-----w- c:\users\nicelemon\AppData\Local\ATI
2010-11-01 18:04 . 2010-11-01 18:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-01 18:04 . 2010-11-01 18:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-01 17:47 . 2010-11-01 17:47 -------- d-----w- c:\users\nicelemon\AppData\Roaming\Malwarebytes
2010-11-01 17:47 . 2010-11-01 17:47 -------- d-----w- c:\programdata\Malwarebytes
2010-11-01 13:35 . 2010-11-01 13:35 388096 ----a-r- c:\users\nicelemon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-01 13:35 . 2010-11-01 13:35 -------- d-----w- c:\program files\Trend Micro
2010-10-30 14:28 . 2010-10-30 14:28 -------- d-----w- c:\users\nicelemon\AppData\Local\Rockstar Games
2010-10-30 14:20 . 2010-10-30 14:20 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-30 14:19 . 2010-10-30 14:19 -------- d-----w- c:\windows\system32\xlive
2010-10-30 14:19 . 2010-10-30 14:19 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-10-30 13:45 . 2010-11-07 17:55 -------- d-----w- c:\program files\Rockstar Games
2010-10-30 13:42 . 2010-10-30 13:42 720896 ----a-w- c:\windows\iun6002.exe
2010-10-30 13:42 . 2010-10-30 13:42 -------- d-----w- c:\program files\Look@LAN
2010-10-30 12:19 . 2010-10-30 12:19 -------- d-----w- c:\program files\NTCore
2010-10-29 15:07 . 2010-10-29 15:07 -------- d-----w- c:\program files\Common Files\Skype
2010-10-29 15:07 . 2010-10-29 15:07 -------- d-----w- c:\programdata\Skype
2010-10-29 10:24 . 2010-10-29 10:24 49152 ----a-r- c:\users\nicelemon\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2010-10-28 15:22 . 2010-10-31 13:11 -------- d-----w- c:\programdata\Test Drive Unlimited
2010-10-28 15:21 . 2010-10-28 15:21 -------- d--h--r- c:\users\nicelemon\AppData\Roaming\SecuROM
2010-10-28 15:14 . 2010-10-29 22:13 -------- d-----w- c:\program files\Atari
2010-10-27 18:49 . 2010-10-27 18:49 -------- d-----w- c:\windows\system32\Adobe
2010-10-27 18:13 . 2010-11-01 18:50 -------- d-----w- c:\program files\PHP Home Edition 2
2010-10-27 17:25 . 2010-10-27 17:26 -------- d-----w- c:\users\nicelemon\.borland
2010-10-27 17:19 . 2010-10-27 17:19 -------- d-----w- C:\programy
2010-10-25 21:04 . 2010-10-25 21:04 -------- d-----w- c:\users\nicelemon\AppData\Local\Microsoft Help
2010-10-25 21:04 . 2010-10-25 21:04 -------- d-----w- c:\programdata\Microsoft Help
2010-10-25 20:19 . 2010-11-01 18:48 -------- d-----w- c:\program files\EA GAMES
2010-10-25 20:18 . 2006-02-07 14:39 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2010-10-25 20:18 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2010-10-25 20:18 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2010-10-25 20:18 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2010-10-25 20:18 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2010-10-25 20:18 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2010-10-25 20:18 . 2010-10-25 20:18 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-10-25 20:18 . 2010-10-25 20:18 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-10-25 17:37 . 2010-10-25 17:37 -------- d-----w- c:\program files\Photo!
2010-10-25 14:20 . 2010-10-25 14:20 -------- d-----w- c:\program files\CCleaner
2010-10-24 12:46 . 2010-10-24 12:47 -------- d-----w- C:\Boot
2010-10-24 12:41 . 2010-10-24 12:41 -------- d-----w- c:\users\nicelemon\AppData\Local\NeoSmart_Technologies
2010-10-24 12:39 . 2010-10-24 12:39 -------- d-----w- c:\program files\NeoSmart Technologies
2010-10-23 17:15 . 2010-07-09 11:18 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys
2010-10-23 17:15 . 2010-10-23 17:15 -------- d-----w- c:\program files\CPUID
2010-10-23 17:13 . 2010-10-23 17:13 -------- d-----w- c:\program files\SpeedFan
2010-10-23 15:56 . 2010-10-23 15:56 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-10-23 15:51 . 2010-10-23 15:56 -------- d-----w- c:\program files\UltraISO
2010-10-23 15:42 . 2010-10-23 15:42 -------- d-----w- c:\program files\MagicISO
2010-10-23 11:50 . 2010-10-23 11:50 -------- d-----w- c:\users\nicelemon\AppData\Roaming\PSpad
2010-10-23 11:50 . 2010-10-23 11:50 -------- d-----w- c:\program files\PSPad editor
2010-10-22 16:45 . 2004-03-29 14:23 90112 ----a-w- c:\windows\unvise32.exe
2010-10-22 16:42 . 2010-10-22 16:45 -------- d-----w- c:\program files\Postal2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-12 05:30 . 2010-10-12 05:30 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-10 13:01 . 2010-10-10 13:01 832872 ----a-w- c:\windows\system32\Flash.ocx
2010-10-10 12:09 . 2010-10-10 12:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-16 08:24 . 2010-10-10 11:27 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60CC48CB-F55D-4BCA-B4E6-C44C1F1F1034}\mpengine.dll
2010-09-07 15:12 . 2010-10-10 15:26 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-10-10 15:26 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-10-10 15:26 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-10-10 15:26 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-10-10 15:26 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-10-10 15:26 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-10-10 15:26 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-26 03:36 . 2010-08-26 03:36 6380032 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-08-26 02:01 . 2010-08-26 02:01 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-26 02:01 . 2010-08-26 02:01 528384 ----a-w- c:\windows\system32\aticfx32.dll
2010-08-26 01:57 . 2010-08-26 01:57 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-26 01:57 . 2010-08-26 01:57 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-08-26 01:57 . 2010-08-26 01:57 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-08-26 01:55 . 2010-08-26 01:55 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-08-26 01:55 . 2010-08-26 01:55 15830016 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-26 01:55 . 2010-08-26 01:55 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-26 01:55 . 2010-08-26 01:55 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-08-26 01:55 . 2010-08-26 01:55 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-26 01:52 . 2010-08-26 01:52 3914240 ----a-w- c:\windows\system32\atidxx32.dll
2010-08-26 01:34 . 2010-08-26 01:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-26 01:34 . 2010-08-26 01:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-26 01:33 . 2010-08-26 01:33 4032512 ----a-w- c:\windows\system32\atiumdag.dll
2010-08-26 01:33 . 2010-08-26 01:33 4375552 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-26 01:27 . 2010-08-26 01:27 65536 ----a-w- c:\windows\system32\coinst.dll
2010-08-26 01:25 . 2010-08-26 01:25 3392000 ----a-w- c:\windows\system32\atiumdva.dll
2010-08-26 01:21 . 2010-08-26 01:21 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-26 01:21 . 2010-08-26 01:21 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-08-26 01:21 . 2010-08-26 01:21 19968 ----a-w- c:\windows\system32\atigktxx.dll
2010-08-26 01:20 . 2010-08-26 01:20 221696 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-08-26 01:20 . 2010-08-26 01:20 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-08-26 01:19 . 2010-08-26 01:19 28160 ----a-w- c:\windows\system32\atiu9pag.dll
2010-08-26 01:19 . 2010-08-26 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-08-26 01:13 . 2010-08-26 01:13 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-26 01:13 . 2010-08-26 01:13 52736 ----a-w- c:\windows\system32\amdpcom32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^nicelemon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Potaro.lnk]
path=c:\users\nicelemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Potaro.lnk
backup=c:\windows\pss\Potaro.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^nicelemon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\users\nicelemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-06-09 09:03 397456 ----a-w- c:\program files\Corel\Corel VideoStudio 12\uvPL.exe

R3 ALSysIO;ALSysIO;c:\users\NICELE~1\AppData\Local\Temp\ALSysIO.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-10 691696]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 6380032]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 221696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-07-15 101904]
S3 netr73;RT73 USB - ovladač karty pro bezdrátovou síť LAN pro systém Windows Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.com/
FF - ProfilePath - c:\users\nicelemon\AppData\Roaming\Mozilla\Firefox\Profiles\tl7nzf66.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-ApacheMonitor - c:\program files\PHP Home Edition 2\Apache2\bin\ApacheMonitor.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySql]
"ImagePath"="C:/PROGRA~1/PHPHOM~1/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySql]
"ImagePath"="C:/PROGRA~1/PHPHOM~1/mysql/bin/mysqld-nt.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2708518120-1737122515-3910560996-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:6b,b9,ed,7b,ec,8c,23,df,99,3c,66,a4,6c,e6,9c,00,c8,3b,7d,e3,18,c5,00,
01,db,17,e9,27,6e,87,73,ba,69,c1,61,8f,d8,97,43,1c,65,3d,65,4d,6b,cc,0b,a8,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c

[HKEY_USERS\S-1-5-21-2708518120-1737122515-3910560996-1001\Software\SecuROM\License information*]
"datasecu"=hex:75,fa,e2,89,9c,fe,97,f7,3c,49,3b,e1,10,ed,c7,bc,7a,b6,c0,33,42,
64,be,33,41,3c,97,a7,43,9e,16,a3,bc,4a,2f,94,6c,0c,10,aa,6f,ff,46,f8,4e,23,\
"rkeysecu"=hex:46,d6,5a,20,0b,04,9c,3a,60,5b,d8,04,c4,2e,a5,10

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-11-21 12:51:12
ComboFix-quarantined-files.txt 2010-11-21 11:51

Před spuštěním: Volných bajtů: 13 976 485 888
Po spuštění: Volných bajtů: 13 898 493 952

- - End Of File - - 3F09FAE4D50402B57DFB679C55412D67

[jaro3]

Je to mladá dáma , a vůbec za to nemůže , je to chyba programu Combofix..

Odinstaluj:
Spybot - Search & Destroy---zbytečný Avast 5 má vlastní antispyware.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
DeQuarantine::
c:\windows\My.ini.vir
c:\windows\UA000106.DLL.vir

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT


Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

[jackm]

ComboFix 10-11-20.06 - nicelemon 21.11.2010 14:38:57.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2047.1445 [GMT 1:00]
Spuštěný z: c:\users\nicelemon\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\nicelemon\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-21 do 2010-11-21 )))))))))))))))))))))))))))))))
.

2010-11-21 13:43 . 2010-11-21 13:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-21 12:17 . 2010-11-21 12:17 -------- d-----w- c:\users\nicelemon\AppData\Local\ElevatedDiagnostics
2010-11-21 11:51 . 2010-11-21 13:45 -------- d-----w- c:\users\nicelemon\AppData\Local\temp
2010-11-21 10:31 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-21 10:31 . 2010-11-21 10:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-21 10:31 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-19 17:03 . 2010-11-21 13:10 234984 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-19 13:51 . 2010-11-19 13:51 -------- d-----w- c:\users\nicelemon\AppData\Local\PunkBuster
2010-11-19 13:33 . 2010-11-21 13:10 234984 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-11-19 13:33 . 2010-11-21 12:38 234984 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-19 13:33 . 2010-11-20 22:54 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-19 13:29 . 2010-11-19 13:29 -------- d-----w- c:\program files\Activision
2010-11-18 12:23 . 2010-11-18 12:23 -------- d-----w- c:\users\nicelemon\AppData\Local\2K Games
2010-11-17 19:43 . 2010-11-17 19:43 -------- d-----w- c:\program files\OGG To MP3 Plus
2010-11-17 14:46 . 2010-11-17 14:50 -------- d-----w- c:\users\nicelemon\AppData\Roaming\IcoFX
2010-11-17 14:46 . 2010-11-17 14:46 -------- d-----w- c:\program files\IcoFX 1.6
2010-11-16 18:21 . 2003-06-03 16:49 172032 ----a-w- c:\windows\system32\cddareader1.ax
2010-11-16 18:21 . 2010-11-16 18:22 -------- d-----w- c:\program files\Potaro
2010-11-14 16:25 . 2010-11-17 13:20 -------- d-----w- C:\www
2010-11-10 19:09 . 2010-11-10 19:11 -------- d-----w- c:\users\nicelemon\AppData\Roaming\PhotoFiltre Studio X
2010-11-10 19:09 . 2010-11-10 19:09 -------- d-----w- c:\program files\PhotoFiltre Studio X
2010-11-07 17:55 . 2003-02-27 15:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-11-07 17:55 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-11-07 17:55 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-11-07 17:55 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-11-07 17:55 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-11-07 17:55 . 2010-11-07 17:55 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-11-07 17:55 . 2010-11-07 17:55 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-11-07 14:50 . 2010-11-07 14:51 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-11-07 14:50 . 2010-11-07 14:50 -------- d-----w- c:\program files\backburner 2
2010-11-07 14:50 . 2010-11-07 14:51 -------- d-----w- c:\program files\3DS_MAXy
2010-11-07 14:44 . 2010-11-07 14:47 -------- d-----w- c:\program files\EasyPHP5.2.10
2010-11-07 13:36 . 2010-11-07 14:50 -------- d-----w- c:\programdata\Autodesk
2010-11-07 13:34 . 2010-11-07 13:46 -------- d-----w- c:\program files\Autodesk
2010-11-07 13:34 . 2010-11-07 13:46 -------- d-----w- c:\users\nicelemon\AppData\Local\Autodesk
2010-11-07 13:33 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-11-05 22:04 . 2010-11-17 16:12 -------- d-----w- c:\users\nicelemon\AppData\Local\Adobe
2010-11-05 18:35 . 2010-11-05 18:35 -------- d-----w- c:\program files\CrystalDiskInfo
2010-11-03 18:17 . 2010-11-03 18:17 -------- d-----w- c:\users\nicelemon\AppData\Local\CrashRpt
2010-11-01 21:06 . 2010-11-01 21:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-11-01 18:53 . 2010-11-01 18:53 -------- d-----w- c:\users\nicelemon\AppData\Local\ATI
2010-11-01 18:04 . 2010-11-01 18:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-01 18:04 . 2010-11-01 18:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-01 17:47 . 2010-11-01 17:47 -------- d-----w- c:\users\nicelemon\AppData\Roaming\Malwarebytes
2010-11-01 17:47 . 2010-11-01 17:47 -------- d-----w- c:\programdata\Malwarebytes
2010-11-01 13:35 . 2010-11-01 13:35 388096 ----a-r- c:\users\nicelemon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-01 13:35 . 2010-11-01 13:35 -------- d-----w- c:\program files\Trend Micro
2010-10-30 14:28 . 2010-10-30 14:28 -------- d-----w- c:\users\nicelemon\AppData\Local\Rockstar Games
2010-10-30 14:20 . 2010-10-30 14:20 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-30 14:19 . 2010-10-30 14:19 -------- d-----w- c:\windows\system32\xlive
2010-10-30 14:19 . 2010-10-30 14:19 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-10-30 13:45 . 2010-11-07 17:55 -------- d-----w- c:\program files\Rockstar Games
2010-10-30 13:42 . 2010-10-30 13:42 720896 ----a-w- c:\windows\iun6002.exe
2010-10-30 13:42 . 2010-10-30 13:42 -------- d-----w- c:\program files\Look@LAN
2010-10-30 12:19 . 2010-10-30 12:19 -------- d-----w- c:\program files\NTCore
2010-10-29 15:07 . 2010-10-29 15:07 -------- d-----w- c:\program files\Common Files\Skype
2010-10-29 15:07 . 2010-10-29 15:07 -------- d-----w- c:\programdata\Skype
2010-10-29 10:24 . 2010-10-29 10:24 49152 ----a-r- c:\users\nicelemon\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2010-10-28 15:22 . 2010-10-31 13:11 -------- d-----w- c:\programdata\Test Drive Unlimited
2010-10-28 15:21 . 2010-10-28 15:21 -------- d--h--r- c:\users\nicelemon\AppData\Roaming\SecuROM
2010-10-28 15:14 . 2010-10-29 22:13 -------- d-----w- c:\program files\Atari
2010-10-27 18:49 . 2010-10-27 18:49 -------- d-----w- c:\windows\system32\Adobe
2010-10-27 18:13 . 2010-11-01 18:50 -------- d-----w- c:\program files\PHP Home Edition 2
2010-10-27 17:25 . 2010-10-27 17:26 -------- d-----w- c:\users\nicelemon\.borland
2010-10-27 17:19 . 2010-10-27 17:19 -------- d-----w- C:\programy
2010-10-25 21:04 . 2010-10-25 21:04 -------- d-----w- c:\users\nicelemon\AppData\Local\Microsoft Help
2010-10-25 21:04 . 2010-10-25 21:04 -------- d-----w- c:\programdata\Microsoft Help
2010-10-25 20:19 . 2010-11-01 18:48 -------- d-----w- c:\program files\EA GAMES
2010-10-25 20:18 . 2006-02-07 14:39 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2010-10-25 20:18 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2010-10-25 20:18 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2010-10-25 20:18 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2010-10-25 20:18 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2010-10-25 20:18 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2010-10-25 20:18 . 2010-10-25 20:18 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-10-25 20:18 . 2010-10-25 20:18 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-10-25 17:37 . 2010-10-25 17:37 -------- d-----w- c:\program files\Photo!
2010-10-25 14:20 . 2010-10-25 14:20 -------- d-----w- c:\program files\CCleaner
2010-10-24 12:46 . 2010-10-24 12:47 -------- d-----w- C:\Boot
2010-10-24 12:41 . 2010-10-24 12:41 -------- d-----w- c:\users\nicelemon\AppData\Local\NeoSmart_Technologies
2010-10-24 12:39 . 2010-10-24 12:39 -------- d-----w- c:\program files\NeoSmart Technologies
2010-10-23 17:15 . 2010-07-09 11:18 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys
2010-10-23 17:15 . 2010-10-23 17:15 -------- d-----w- c:\program files\CPUID
2010-10-23 17:13 . 2010-10-23 17:13 -------- d-----w- c:\program files\SpeedFan
2010-10-23 15:56 . 2010-10-23 15:56 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-10-23 15:51 . 2010-10-23 15:56 -------- d-----w- c:\program files\UltraISO
2010-10-23 15:42 . 2010-10-23 15:42 -------- d-----w- c:\program files\MagicISO
2010-10-23 11:50 . 2010-10-23 11:50 -------- d-----w- c:\users\nicelemon\AppData\Roaming\PSpad
2010-10-23 11:50 . 2010-10-23 11:50 -------- d-----w- c:\program files\PSPad editor
2010-10-22 16:45 . 2004-03-29 14:23 90112 ----a-w- c:\windows\unvise32.exe
2010-10-22 16:42 . 2010-10-22 16:45 -------- d-----w- c:\program files\Postal2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-12 05:30 . 2010-10-12 05:30 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-10 13:01 . 2010-10-10 13:01 832872 ----a-w- c:\windows\system32\Flash.ocx
2010-10-10 12:09 . 2010-10-10 12:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-16 08:24 . 2010-10-10 11:27 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60CC48CB-F55D-4BCA-B4E6-C44C1F1F1034}\mpengine.dll
2010-09-07 15:12 . 2010-10-10 15:26 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-10-10 15:26 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-10-10 15:26 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-10-10 15:26 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-10-10 15:26 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-10-10 15:26 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-10-10 15:26 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-26 03:36 . 2010-08-26 03:36 6380032 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-08-26 02:01 . 2010-08-26 02:01 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-26 02:01 . 2010-08-26 02:01 528384 ----a-w- c:\windows\system32\aticfx32.dll
2010-08-26 01:57 . 2010-08-26 01:57 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-26 01:57 . 2010-08-26 01:57 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-08-26 01:57 . 2010-08-26 01:57 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-08-26 01:55 . 2010-08-26 01:55 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-08-26 01:55 . 2010-08-26 01:55 15830016 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-26 01:55 . 2010-08-26 01:55 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-26 01:55 . 2010-08-26 01:55 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-08-26 01:55 . 2010-08-26 01:55 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-26 01:52 . 2010-08-26 01:52 3914240 ----a-w- c:\windows\system32\atidxx32.dll
2010-08-26 01:34 . 2010-08-26 01:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-26 01:34 . 2010-08-26 01:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-26 01:33 . 2010-08-26 01:33 4032512 ----a-w- c:\windows\system32\atiumdag.dll
2010-08-26 01:33 . 2010-08-26 01:33 4375552 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-26 01:27 . 2010-08-26 01:27 65536 ----a-w- c:\windows\system32\coinst.dll
2010-08-26 01:25 . 2010-08-26 01:25 3392000 ----a-w- c:\windows\system32\atiumdva.dll
2010-08-26 01:21 . 2010-08-26 01:21 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-26 01:21 . 2010-08-26 01:21 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-08-26 01:21 . 2010-08-26 01:21 19968 ----a-w- c:\windows\system32\atigktxx.dll
2010-08-26 01:20 . 2010-08-26 01:20 221696 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-08-26 01:20 . 2010-08-26 01:20 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-08-26 01:19 . 2010-08-26 01:19 28160 ----a-w- c:\windows\system32\atiu9pag.dll
2010-08-26 01:19 . 2010-08-26 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-08-26 01:13 . 2010-08-26 01:13 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-26 01:13 . 2010-08-26 01:13 52736 ----a-w- c:\windows\system32\amdpcom32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^nicelemon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Potaro.lnk]
path=c:\users\nicelemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Potaro.lnk
backup=c:\windows\pss\Potaro.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^nicelemon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\users\nicelemon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-06-09 09:03 397456 ----a-w- c:\program files\Corel\Corel VideoStudio 12\uvPL.exe

R3 ALSysIO;ALSysIO;c:\users\NICELE~1\AppData\Local\Temp\ALSysIO.sys [x]
R3 netr73;RT73 USB - ovladač karty pro bezdrátovou síť LAN pro systém Windows Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-10 691696]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 6380032]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 221696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-07-15 101904]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.com/
FF - ProfilePath - c:\users\nicelemon\AppData\Roaming\Mozilla\Firefox\Profiles\tl7nzf66.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySql]
"ImagePath"="C:/PROGRA~1/PHPHOM~1/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySql]
"ImagePath"="C:/PROGRA~1/PHPHOM~1/mysql/bin/mysqld-nt.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2708518120-1737122515-3910560996-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:6b,b9,ed,7b,ec,8c,23,df,99,3c,66,a4,6c,e6,9c,00,c8,3b,7d,e3,18,c5,00,
01,db,17,e9,27,6e,87,73,ba,69,c1,61,8f,d8,97,43,1c,65,3d,65,4d,6b,cc,0b,a8,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c

[HKEY_USERS\S-1-5-21-2708518120-1737122515-3910560996-1001\Software\SecuROM\License information*]
"datasecu"=hex:75,fa,e2,89,9c,fe,97,f7,3c,49,3b,e1,10,ed,c7,bc,7a,b6,c0,33,42,
64,be,33,41,3c,97,a7,43,9e,16,a3,bc,4a,2f,94,6c,0c,10,aa,6f,ff,46,f8,4e,23,\
"rkeysecu"=hex:46,d6,5a,20,0b,04,9c,3a,60,5b,d8,04,c4,2e,a5,10
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(1108)
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-11-21 14:47:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-21 13:47
ComboFix2.txt 2010-11-21 11:51

Před spuštěním: Volných bajtů: 13 843 501 056
Po spuštění: Volných bajtů: 13 627 908 096

- - End Of File - - E89240CC17F0CC7C84EF27C63BE5C60D

[jackm]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:49:46, on 21.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\nicelemon\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 3217 bytes


Avast už tu chybu neháže, k těm savům, už to neřešme, jen mě to naštvalo, mohla mě předtím varovat, neříkal jsme, že je to jeji chyba.

[jaro3]

Fajn , vyřídím..

Pokud si odinstaloval Spybot - Search & Destroy , smaž ještě tyto složky:
c:\program files\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy


C:\www---znáš tu složku?

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[jackm]

Takten T-Cleaner je prý Malware podle Avastu.
Jo c:\www znám...

[jaro3]

prosím Tě přečti si , co jsem psal v předchozím příspěvku:

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

[jackm]

Promiň, já myslel, že před spuštěním, vidíš neumím už ani číst.

[jaro3]

Nic se neděje , já občas taky.

můžeš dát zelenou fajfku.