VIRY.CZ

Prosím o kontrolu Logu Combofix:
ComboFix 10-11-29.05 - uzivatel 30.11.2010 15:39:41.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1279.899 [GMT 1:00]
Spuštěný z: c:\documents and settings\uzivatel\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 101031-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\uzivatel\Dokumenty\cc_20101130_144121.reg
c:\documents and settings\uzivatel\Dokumenty\cc_20101130_144136.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-28 do 2010-11-30 )))))))))))))))))))))))))))))))
.

2010-11-30 14:22 . 2010-11-30 14:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-11-30 14:02 . 2010-11-30 14:02 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\Malwarebytes
2010-11-30 14:02 . 2010-11-30 14:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-30 14:02 . 2010-11-30 14:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-30 13:37 . 2010-11-30 13:37 -------- d-----w- c:\program files\CCleaner
2010-11-27 11:42 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\USMT\iconlib.dll
2010-11-27 11:42 . 2010-11-27 11:42 -------- d-----w- c:\documents and settings\Administrator
2010-11-22 20:10 . 2010-11-22 20:10 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 83968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Rychlě zaź tek s aplikacˇ HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKLM\~\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2008-03-29 17:37 79224 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 17:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.4.2008 16:20 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 16:20 20560]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [6.12.2006 17:02 5824]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - RKREVEAL150
*Deregistered* - RKREVEAL150
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {DCD0F9D9-9911-4EB7-BB5F-02A751A6C53A} = 10.45.55.1,80.78.150.250
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\ke9btl9a.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
Notify-WgaLogon - (no file)
AddRemove-Hrnečku, vař! Tradiční česká pohádka pro počítač_is1 - c:\program files\Hrnečku
AddRemove-Jak dědeček měnil, až vyměnil - česká pohádka pro počítač_is1 - c:\program files\Jak dědeček měnil

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 15:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-11-30 15:45:29
ComboFix-quarantined-files.txt 2010-11-30 14:45

Před spuštěním: Volných bajtů: 22 015 406 080
Po spuštění: Volných bajtů: 21 983 191 040

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - FA7655DE25B450E41D049DD6389087AB

Zdravím,

Klikni na https://www.virustotal.com/cs/
klik "Procházet" > do zadávacího pole "Název souboru" jen zkopíruj:

c:\documents and settings\All Users\Data aplikací\Microsoft\USMT\iconlib.dll

"Send file" (pokud byl již testován, nech testovat znovu - Reanalyse)
Trpělivě vyčkej dokončení scanu dokud se neobjeví konečný výsledek např.0/41
Do fóra zkopíruj výsledný log. nebo odkaz z adresního řádku na stránku.
Pokud nebude nález stačí jen oznámit

Stáhni "System Look" - http://jpshortstuff.247fixes.com/SystemLook.exe
Spusť jej a do okna zkopíruj

Kód: Vybrat vše

:filefind
sessmgr.exe
iconlib.dll
:regfind
sessmgr.exe

Klik na Look a po scanu sem zkopíruj výsledek hledání

přidej RSIT log - http://www.viry.cz/forum/viewtopic.php?f=13&t=105895

SystemLook.exe -nejde spustit

SystemLook - Vůbec se ti neotevře okno programu?

udělej ostatní 2 akce z mého návodu

Tak posílám aspoň něco:

Vysledek:
http://www.virustotal.com/file-scan/rep ... 1291395424

A Log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by uzivatel at 2010-12-03 17:53:31
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 21 GB (42%) free of 50 GB
Total RAM: 511 MB (55% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe [2004-06-11 83968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-03-29 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"gupdate"=2
"Ati HotKey Poller"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Rychlý začátek s aplikací HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe"="C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe:*:Enabled:Need For Speed III for Win32"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-03 17:53:31 ----D---- C:\rsit
2010-12-03 17:53:31 ----D---- C:\Program Files\trend micro
2010-12-03 06:32:39 ----A---- C:\RSIT.exe
2010-12-03 06:32:29 ----A---- C:\SystemLook.exe
2010-11-30 15:45:31 ----D---- C:\WINDOWS\temp
2010-11-30 15:45:30 ----A---- C:\ComboFix.txt
2010-11-30 15:38:41 ----A---- C:\Boot.bak
2010-11-30 15:38:36 ----RASHD---- C:\cmdcons
2010-11-30 15:32:06 ----A---- C:\WINDOWS\zip.exe
2010-11-30 15:32:06 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-11-30 15:32:06 ----A---- C:\WINDOWS\SWSC.exe
2010-11-30 15:32:06 ----A---- C:\WINDOWS\SWREG.exe
2010-11-30 15:32:06 ----A---- C:\WINDOWS\sed.exe
2010-11-30 15:32:06 ----A---- C:\WINDOWS\PEV.exe
2010-11-30 15:32:06 ----A---- C:\WINDOWS\NIRCMD.exe
2010-11-30 15:32:06 ----A---- C:\WINDOWS\MBR.exe
2010-11-30 15:32:06 ----A---- C:\WINDOWS\grep.exe
2010-11-30 15:32:00 ----D---- C:\WINDOWS\ERDNT
2010-11-30 15:31:49 ----D---- C:\Qoobox
2010-11-30 15:22:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2010-11-30 15:02:47 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Malwarebytes
2010-11-30 15:02:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-30 15:02:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-11-30 14:52:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-30 14:37:33 ----D---- C:\Program Files\CCleaner
2010-11-30 14:04:39 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 1 months======

2010-12-03 17:53:31 ----RD---- C:\Program Files
2010-12-03 17:50:39 ----D---- C:\WINDOWS
2010-12-03 06:52:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-30 15:43:24 ----A---- C:\WINDOWS\system.ini
2010-11-30 15:43:17 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-30 15:41:32 ----D---- C:\WINDOWS\system32\drivers
2010-11-30 15:41:32 ----D---- C:\WINDOWS\system32
2010-11-30 15:41:32 ----D---- C:\WINDOWS\AppPatch
2010-11-30 15:41:27 ----D---- C:\Program Files\Common Files
2010-11-30 15:38:41 ----RASH---- C:\boot.ini
2010-11-30 15:25:31 ----D---- C:\Program Files\Mozilla Firefox
2010-11-30 15:13:03 ----HD---- C:\WINDOWS\inf
2010-11-30 15:02:41 ----D---- C:\WINDOWS\Prefetch
2010-11-30 14:52:30 ----D---- C:\Program Files\Google
2010-11-30 14:52:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-11-30 14:52:28 ----SHD---- C:\WINDOWS\Installer
2010-11-30 14:52:28 ----SD---- C:\WINDOWS\Tasks
2010-11-30 14:51:07 ----A---- C:\WINDOWS\win.ini
2010-11-30 14:44:03 ----D---- C:\Config.Msi
2010-11-30 14:42:54 ----D---- C:\Program Files\ICQLite
2010-11-30 14:39:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-30 14:38:51 ----D---- C:\WINDOWS\Debug
2010-11-30 14:29:54 ----A---- C:\WINDOWS\system32\wpa.bak
2010-11-30 14:17:35 ----SHD---- C:\System Volume Information
2010-11-30 14:17:35 ----D---- C:\WINDOWS\system32\Restore
2010-11-30 14:04:33 ----A---- C:\WINDOWS\wincmd.ini
2010-11-27 18:32:26 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-27 18:20:17 ----D---- C:\Documents and Settings
2010-11-23 15:13:29 ----D---- C:\UCTO2007
2010-11-22 21:11:05 ----D---- C:\WINDOWS\system32\config
2010-11-22 21:10:08 ----D---- C:\WINDOWS\system32\wbem
2010-11-22 21:10:06 ----D---- C:\WINDOWS\Registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvraid;NVIDIA NForce(tm) ATA RAID Class Driver; C:\WINDOWS\system32\DRIVERS\nvraid.sys [2004-06-03 68224]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-08-19 46080]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-03-29 26944]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 75856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-03-29 42912]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-03-29 94544]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2009-12-09 821760]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-03-29 23152]
S3 catchme;catchme; \??\C:\DOCUME~1\uzivatel\LOCALS~1\Temp\catchme.sys []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-03-29 17272]
R2 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2007-11-27 68608]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
S4 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-03-29 144760]
S4 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-03-29 247160]
S4 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-03-29 345464]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768]

-----------------EOF-----------------

zatím nic nebezpečného nevidím

máš Malwarebytes - proveď aktualizaci a sken - dej mi log

Avast zkusíme opravit instalací Avast5 - http://www.slunecnice.cz/sw/avast-free-antivirus/

Ještě k SytemLook - při spuštění hlásí:
Spuštění této aplikace se nezdařilo, protože konfigurace aplikace není správná. Tyto potíže lze pravděpodobně vyřešit opakovanou instalací aplikace

SystemLook už neřeš

cernohous13 píše: máš Malwarebytes - proveď aktualizaci a sken - dej mi log

Avast zkusíme opravit instalací Avast5 - http://www.slunecnice.cz/sw/avast-free-antivirus/

tady to vypadá jak?

VIRY.CZ

Nefunkční rezident AVAST a nemožnost odinstalovat Aplikace

Nefunkční rezident AVAST a nemožnost odinstalovat Aplikace

Re: Nefunkční rezident AVAST a nemožnost odinstalovat Aplika

Re: Nefunkční rezident AVAST a nemožnost odinstalovat Aplika

Re: Nefunkční rezident AVAST a nemožnost odinstalovat Aplika

Re: Nefunkční rezident AVAST a nemožnost odinstalovat Aplika

Re: Nefunkční rezident AVAST a nemožnost odinstalovat Aplika

Re: Nefunkční rezident AVAST a nemožnost odinstalovat Aplika

Re: Nefunkční rezident AVAST a nemožnost odinstalovat Aplika