VIRY.CZ

Ahoj,
na ploche sa mi stále zobrazuje text: "The application failed to initialize prorerly (0xc000007b). click OK to terminate the application."
Help, pls

Ze vraj na posudenie je treba log z RSITu, tak tu je:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Alžbeta - Vojteková at 2009-12-18 10:10:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (30%) free of 45 GB
Total RAM: 383 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:33, on 18.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\portmap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Duden\Duden Korrektor\DKtray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Duden\Duden Korrektor\DKCore.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Office-Bibliothek\officebib.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alžbeta - Vojteková\Plocha\RSIT.exe
C:\Program Files\trend micro\Alžbeta - Vojteková.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sme.sk/#null
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\system32\portmap.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WAHRIG.digital Launcher] C:\Program Files\Bertelsmann\WAHRIG.digital\wahrig.exe
O4 - HKLM\..\Run: [portmap.exe] C:\WINDOWS\system32\portmap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Duden Korrektor SysTray] C:\Program Files\Duden\Duden Korrektor\DKtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\system32\portmap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MultiFrame.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7196 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-14 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-10-21 761945]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2006-01-19 544768]
"RemoteControl"=C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [2005-01-12 32768]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-03-14 90112]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-04 16206848]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"WAHRIG.digital Launcher"=C:\Program Files\Bertelsmann\WAHRIG.digital\wahrig.exe [2007-03-09 983040]
"portmap.exe"=C:\WINDOWS\system32\portmap.exe [2009-12-14 249856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"1"=C:\WINDOWS\system32\portmap.exe [2009-12-14 249856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]
"Duden Korrektor SysTray"=C:\Program Files\Duden\Duden Korrektor\DKtray.exe [2009-05-18 619216]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
MultiFrame.lnk - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
ASUS ChkMail.lnk - C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-21 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"DisableLocalUserRun"=1
"DisableLocalUserRunOnce"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"DisableLocalMachineRun"=
"DisableLocalMachineRunOnce"=
"DisableLocalUserRun"=
"DisableLocalUserRunOnce"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{053c5a38-c7e8-11de-86c2-001a92275a00}]
shell\AutoRun\command - F:\AUTORUN_o2Surfstick.exe /EjectCDROM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81890286-25a5-11dc-8596-001a92275a00}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a201100-96ea-11de-8665-ab8762bc52aa}]
shell\AutoRun\command - F:\sources\sperr32.exe x64

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d59da122-cb72-11de-86cb-001a92275a00}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f485f6ba-aeae-11de-8687-001a92275a00}]
shell\AutoRun\command - F:\AutoRun.exe


======List of files/folders created in the last 1 months======

2009-12-18 10:10:08 ----D---- C:\Program Files\trend micro
2009-12-18 10:10:06 ----D---- C:\rsit
2009-12-18 00:25:08 ----SHD---- C:\FOUND.003
2009-12-18 00:19:44 ----D---- C:\!KillBox
2009-12-17 22:11:20 ----SHD---- C:\FOUND.002
2009-12-17 21:26:28 ----A---- C:\WINDOWS\system32\portmap.exe
2009-12-09 10:43:43 ----HD---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 10:43:38 ----HD---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 10:43:04 ----HD---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 10:42:59 ----HD---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 10:42:47 ----HD---- C:\WINDOWS\$NtUninstallKB971737$
2009-11-25 10:23:54 ----HD---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 10:23:49 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
2009-11-25 10:23:35 ----HD---- C:\WINDOWS\$NtUninstallKB956744$
2009-11-25 10:23:28 ----HD---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-25 10:23:19 ----HD---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-11-25 10:23:09 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2009-11-24 21:09:14 ----D---- C:\WINDOWS\Prefetch
2009-11-24 20:43:48 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2009-11-24 15:47:27 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2009-11-24 15:28:17 ----HD---- C:\WINDOWS\$NtServicePackUninstall$
2009-11-21 12:00:56 ----D---- C:\Program Files\MSXML 4.0
2009-11-20 16:56:40 ----D---- C:\Documents and Settings\Alžbeta - Vojteková\Data aplikací\Bertelsmann
2009-11-20 16:17:48 ----D---- C:\Program Files\PC-BIB
2009-11-20 16:15:24 ----D---- C:\WINDOWS\system32\wd2007
2009-11-20 16:14:25 ----A---- C:\WINDOWS\system32\unicows.dll
2009-11-20 16:14:25 ----A---- C:\WINDOWS\system32\lexazdll32.dll
2009-11-20 16:13:56 ----D---- C:\Program Files\Bertelsmann
2009-11-20 16:11:34 ----D---- C:\Program Files\Wahrig DW (D)
2009-11-20 15:22:01 ----D---- C:\Documents and Settings\Alžbeta - Vojteková\Data aplikací\Duden
2009-11-20 15:20:58 ----D---- C:\Program Files\Duden
2009-11-20 15:20:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\BIFAB
2009-11-20 15:18:13 ----D---- C:\Program Files\Office-Bibliothek

======List of files/folders modified in the last 1 months======

2009-12-18 01:33:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-16 20:25:34 ----A---- C:\WINDOWS\BWDir.ini
2009-12-16 20:25:34 ----A---- C:\WINDOWS\bw500.ini
2009-12-09 10:43:42 ----A---- C:\WINDOWS\imsins.BAK
2009-12-01 21:06:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-30 22:06:06 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-11-24 21:09:22 ----A---- C:\WINDOWS\setuplog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-21 3565056]
R3 BCM43XX;ASUS 802.11 ovládač sieťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-04 4271616]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-28 5760]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-01-19 862340]
R3 SynMini;USB2.0 1.3M WebCam; C:\WINDOWS\System32\Drivers\SynMini.sys [2006-07-02 1056512]
R3 SynScan;USB2.0 1.3M WebCam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2006-06-29 8064]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-21 191936]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-06-22 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-06-22 100480]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-01-18 80512]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-21 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-14 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-04-04 1245064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

zdravim

PROSIM CITAJTE POZORNE NAVODY!!!,

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte combofix



Suhlasit instalacio Konzoly pre zotavenie (Recovery console)


- ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

Combofix som si stiahla, vypla som antiviry aj firewally a postupovala podľa pokynov, ale nefunguje to.
Nabehne veľke modre okno s vyzvou poslat kamsi SMS, a posledne čo sa objaví je dotaz či suhlasím s inštaláciou konzoly pre zotavenie. Keď kliknem na "ano", dotaz zmizne, zostale len to veľke okno, ktore zaberie celu plochu a všetko zablokuje, a ďalej sa nedeje nič.
Existuje iný spôsob ako combofix (už tu mal jeden človek podobny problem a ako alternativa bol odporúčaný MBAM)? Alebo robim niekde chybu?

rob len to co ja pisem,ak daco neide ihned treba pisat.,restartni pocitac do nudzoveho rezimu,

Restartujte pocitac do nouzoveho rezimu (pri restartu mackejte klavesu F8, pote zvolte z nabidky Stav nouze s pracou v sieti>> pote chvili vyckejte, otevre se vam potvrzovaci okno s nabidkou spusteni zvlastniho diagnostickeho rezimu, ktere potvrdte OK),

Stiahnes>>OTMoveIt3 by OldTimer >.podla navodu vloz text a klik-Moveit>>log po restarte >.uz do normalneho rezimu>.vloz sem<,

Kód: Vybrat vše

:processes
explorer.exe

:files
C:\WINDOWS\system32\portmap.exe
C:\FOUND.003
C:\!KillBox
C:\FOUND.002

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"portmap.exe"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"1"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
"DisableCMD"=dword:00000000
"DisableTaskMgr"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"DisableLocalUserRun"=dword:00000000
"DisableLocalUserRunOnce"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"DisableLocalMachineRun"=-
"DisableLocalMachineRunOnce"=-
"DisableLocalUserRun"=-
"DisableLocalUserRunOnce"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{053c5a38-c7e8-11de-86c2-001a92275a00}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81890286-25a5-11dc-8596-001a92275a00}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a201100-96ea-11de-8665-ab8762bc52aa}]
shell\AutoRun\command - F:\sources\sperr32.exe x64
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]
"run"=""

:commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

Tak som to spravila, podla instrukcii, v zelenom okne programu sa cosi objavilo, potom prestal ten program odpovedat. po restarte pocitaca som nasla na C-cku pod OTM tento log:

Pocket Killbox version 2.0.0.978
Running on Windows XP as Alžbeta - Vojteková(Administrator)
was started @ piatok, december 18, 2009, 12:19 AM

# 1 [Files to Delete]
Path = C:\Documents and Settings\Alžbeta - Vojteková\Plocha\ded-morozzz.exe
*File Was Deleted

Killbox Closed(Exit) @ 12:21:06 AM
__________________________________________________

Pocket Killbox version 2.0.0.978
Running on Windows XP as Alžbeta - Vojteková(Administrator)
was started @ piatok, december 18, 2009, 12:28 AM

Killbox Closed(Exit) @ 12:29:37 AM
__________________________________________________

to je uplne nieco ine>>log z killbox,,tu to najdi log z OTMOVEIT
C:\_OTMoveIt\MovedFiles

ja som to skusala, ale to je jediny log ktory na C-cku pod OTMoveld je.

Po spusteni OTMoveld prestal program odpovedat, tak som pocitac restartovala (je mozne, ze by tam kvoli tomu ten log nebol?)
ta povodna hlaska, kvoli ktorej som zalozila tuto temu zmizla. Uz sa nezobrazuje, ani ta tabulka.

Teraz sa zobrazuje na poloche text:
"System windows nemuze nalezt C:\WINDOWS\system32\portmap.exe"
Ked kliknem na OK, objavi sa:
"Subor C:\WINDOWS\system32\portmap.exe, zadany v souboru WIN.INI, nelze nacist nebo spustit. Presvecte se, zda je soubor v pocitaci nebo odstrante prislusny odkaz ze souboru WIN.INI."

Subor s nazvom "portmap" je v OTMoveld pod "Moved files".

Znamena to, ze to sice vyriesilo povodny problem, ale vyrobilo dalsi? Co s tym suborom?

to nie je problem,teraz v normalnom Windowse pouzijes dalsi script pre OTMOVEIT>.log po restarte vloz sem
Do laveho okna Vloz len Zeleny text,,a Klik MOVEIT

Splnene, co dalej? vysiel z toho nasledujuci log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\portmap.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\1 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\\"run"|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 10925713 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2395962 bytes

User: Alžbeta - Vojteková
->Temp folder emptied: 68206317 bytes
->Temporary Internet Files folder emptied: 22064826 bytes
->Java cache emptied: 12798400 bytes
->FireFox cache emptied: 59567315 bytes

User: Administrator
->Temp folder emptied: 10925713 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 7094 bytes
Windows Temp folder emptied: 644798 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 21883135 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3856861 bytes

Total Files Cleaned = 205,62 mb


OTM by OldTimer - Version 3.1.2.2 log created on 12182009_141003

Files moved on Reboot...
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_6c0.dat moved successfully.

Registry entries deleted on Reboot...

http://download.bleepingcomputer.com/ma ... -setup.exe
Stiahnes>>Malwarebytes' Anti-Malware
sprav komplet skan,,log vloz sem,

spravila som ako si napisal, co dalej, mazat ci nemazat? log po kompletnom skene:

Malwarebytes' Anti-Malware 1.42
Verzia databázy: 3383
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18.12.2009 15:20:35
mbam-log-2009-12-18 (15-20-19).txt

Typ kontroly: Úplná (C:\|D:\|)
Objektov kontrolovaných: 184101
Uplynutý cas: 37 minute(s), 48 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 2
Infikovaných priecinkov: 0
Infikovaných súborov: 1

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\Documents and Settings\Alžbeta - Vojteková\Nabídka Start\Programy\Po spuštění\Quick Office.lnk (Trojan.Agent) -> No action taken.

dobre zmaz vsetko programom Malwarebytes,,a spust combofix tak ako som napisal,log vloz sem,

Tak tu je log z combofixu:

ComboFix 09-12-17.03 - Alžbeta - Vojteková 18.12.2009 15:50:09.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.383.108 [GMT 1:00]
Spuštěný z: c:\documents and settings\Alžbeta - Vojteková\Plocha\KittyFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091218-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\MSPRPSK.DLL

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-18 do 2009-12-18 )))))))))))))))))))))))))))))))
.

2009-12-18 13:38 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 13:38 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 13:38 . 2009-12-18 13:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 12:08 . 2009-12-18 12:08 -------- d-----w- C:\_OTM
2009-12-18 09:10 . 2009-12-18 09:10 -------- d-----w- c:\program files\trend micro
2009-12-18 09:10 . 2009-12-18 09:10 -------- d-----w- C:\rsit
2009-11-24 14:51 . 2008-06-14 17:35 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-11-24 14:50 . 2009-03-06 14:23 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-11-24 14:50 . 2009-02-09 11:25 111104 ------w- c:\windows\system32\dllcache\services.exe
2009-11-24 14:50 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-11-24 14:50 . 2009-06-25 08:27 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-11-24 14:50 . 2009-02-09 10:56 709632 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-11-24 14:50 . 2009-02-09 10:56 684032 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-11-24 14:50 . 2009-02-09 10:56 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-11-24 14:50 . 2009-02-09 10:56 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-11-24 14:50 . 2009-02-09 10:56 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-11-24 14:49 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-24 14:49 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-11-24 14:49 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-11-24 14:49 . 2009-07-10 13:28 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-11-24 14:49 . 2008-04-11 19:06 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-11-24 14:49 . 2009-08-04 17:29 2147328 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-24 14:49 . 2009-08-04 17:29 2068224 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-24 14:49 . 2009-08-04 17:29 2025984 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-24 14:49 . 2008-10-15 16:38 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-11-24 14:49 . 2008-04-21 21:15 216576 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-11-21 11:00 . 2009-11-21 11:00 -------- d-----w- c:\program files\MSXML 4.0
2009-11-20 15:17 . 2009-11-20 15:17 -------- d-----w- c:\program files\PC-BIB
2009-11-20 15:15 . 2009-11-20 15:15 -------- d-----w- c:\windows\system32\wd2007
2009-11-20 15:14 . 2004-12-07 08:11 258352 ----a-w- c:\windows\system32\unicows.dll
2009-11-20 15:14 . 2004-03-30 10:12 45056 ----a-w- c:\windows\system32\lexazdll32.dll
2009-11-20 15:13 . 2009-11-20 15:13 -------- d-----w- c:\program files\Bertelsmann
2009-11-20 15:11 . 2009-11-20 15:11 -------- d-----w- c:\program files\Wahrig DW (D)
2009-11-20 14:20 . 2009-11-20 14:21 -------- d-----w- c:\program files\Duden
2009-11-20 14:18 . 2009-11-20 14:18 -------- d-----w- c:\program files\Office-Bibliothek

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-18 13:10 . 2004-11-20 10:15 79110 ----a-w- c:\windows\system32\perfc005.dat
2009-12-18 13:10 . 2004-11-20 10:15 430964 ----a-w- c:\windows\system32\perfh005.dat
2009-11-24 23:54 . 2009-09-25 16:20 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-09-25 16:21 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:51 . 2009-09-25 16:21 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-09-25 16:21 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-09-25 16:21 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-09-25 16:21 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-25 16:21 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-25 16:21 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-09-25 16:21 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-29 07:43 . 2004-08-18 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-18 11:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 11:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 11:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-18 11:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-18 11:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-18 11:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-09-25 14:02 . 2007-01-15 17:04 23028 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-20 13:39 . 2009-03-20 13:38 41289140 ----a-w- c:\program files\8-12_xp32_dd_ccc_wdm_enu_72271.rar
2009-03-20 12:31 . 2009-03-20 12:31 39485984 ----a-w- c:\program files\sp31190.exe
2009-03-11 12:02 . 2009-03-11 12:02 1382 ----a-w- c:\program files\DivX Movies.lnk
2008-09-03 19:22 . 2008-09-03 19:22 667648 ----a-w- c:\program files\weblinInstall_EN.exe
2008-04-04 10:14 . 2008-04-04 10:14 71665576 ----a-w- c:\program files\Norton.Internet.Security.2008.v15.5.0.23.exe
2008-01-16 10:37 . 2008-01-22 10:01 25143 ----a-w- c:\program files\paraconc.pdf
2008-01-16 10:36 . 2008-01-22 09:59 1400832 ----a-w- c:\program files\ParaConc269.exe
2007-04-27 22:10 . 2007-04-27 22:10 14738 ----a-w- c:\program files\videodownloader-1.1.1-fx.xpi
2007-04-01 21:40 . 2007-04-01 21:40 359112 ----a-w- c:\program files\LimeWireWin.exe
2007-03-20 21:18 . 2007-03-20 21:17 7462674 ----a-w- c:\program files\Combined-Community-Codec-Pack-2007-02-22.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"Duden Korrektor SysTray"="c:\program files\Duden\Duden Korrektor\DKtray.exe" [2009-05-18 619216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"SMSERIAL"="sm56hlpr.exe" [2006-01-19 544768]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 32768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 16206848]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"WAHRIG.digital Launcher"="c:\program files\Bertelsmann\WAHRIG.digital\wahrig.exe" [2007-03-09 983040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MultiFrame.lnk - c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe [2007-1-15 491520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
ASUS ChkMail.lnk - c:\program files\Asus\Asus ChkMail\ChkMail.exe [2007-1-15 32768]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.9.2009 17:21 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.9.2009 17:21 20560]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [15.1.2007 18:36 1056512]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [15.1.2007 18:36 8064]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [1.10.2009 19:23 100480]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.sme.sk/#null
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
FF - ProfilePath - c:\documents and settings\Alžbeta - Vojteková\Data aplikací\Mozilla\Firefox\Profiles\s9rqjwb8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 4
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-18 15:55
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-12-18 15:56:50
ComboFix-quarantined-files.txt 2009-12-18 14:56

Před spuštěním: Volných bajtů: 13 904 216 064
Po spuštění: Volných bajtů: 13 872 824 320

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D36D7DE430CE9CC6A3AAB733F1A56FCD

ok
Odinstaluj ComboFix - Start -> Spustit -do okna zkopiruj prikaz>> KittyFix /Uninstall
ok

Stáhni, nainstaluj program CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- PravyKlik na kos-spustit ccleaner ->>>Cakas>>na cistenie,,
PravyKlik na kos-otvorit ccleaner-záložka Windows a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na záložku Aplikace a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na Registry, stiskni Hledej problémy, po dokončení skenování klikni na Opravit vybrané problémy,
-zvol Ano pro vytvoření zálohy, ulož nabídnutý soubor a klikni na Opravit všechny problémy,

Doinstaluj Firewall a napis ako sa chova pc,,

Skusala som Start a potom Spustit, no ked tam dam to KittyFix/Uninstall, tak to napise, ze "system windows nemuze KittyFix najit", aj ked je nazov spravne.