kontrola logu

[kul1k]

zdravim tak sem pred lankou a nasel sem v kompu trojana kteryho bych se rad zbavil (nasel ho spyware terminator-neodstranil, avast najde neodsrtani, nod taky)

muj log:

Logfile of HijackThis v1.99.1
Scan saved at 20:13:11, on 10.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Razer Pro Solutions\ProClick v1.6\razerhid.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\program files\steam\steam.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Documents and Settings\kulik\Plocha\W3_Bars.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Razer Pro Solutions\ProClick v1.6\razerofa.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\DownloadS\FireFoX\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5292E285-BD39-4C91-81BB-F51259C0F4B7} - C:\WINDOWS\system32\tuvTmKaA.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [razer] "C:\Program Files\Razer Pro Solutions\ProClick v1.6\razerhid.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [343aa158] rundll32.exe "C:\WINDOWS\system32\vcqnpkoe.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] C:\PROGRA~1\ALWILS~1\Avast4\ASWREG~1.EXE "C:\Program Files\Alwil Software\Avast4\AhAScr.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Startup: jetAudio.lnk = C:\Program Files\JetAudio\JetAudio.exe
O4 - Startup: Miranda.lnk = C:\Program Files\Miranda IM\miranda32.exe
O4 - Startup: Ventrilo.lnk = ?
O4 - Startup: Zástupce - W3_Bars.lnk = C:\Documents and Settings\kulik\Plocha\W3_Bars.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: jkkLcCut - jkkLcCut.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe



diky za rychle rady

[babajaga]

Ahojda,

mas malware ze skupiny adware virtumunde.

Aplikuj ComboFix, jeho log mi sem vloz. Navod na nej najdes temer v kazdem linku zde na fore

[kul1k]

ComboFix 08-12-09.03 - kulik 2008-12-10 22:02:17.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1611 [GMT 1:00]
Spuštěný z: e:\downloads\FireFoX\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AaKmTvut.ini
c:\windows\system32\AaKmTvut.ini2
c:\windows\system32\eokpnqcv.ini
c:\windows\system32\mhosirup.ini
c:\windows\system32\vcqnpkoe.dll
c:\windows\system32\xxyyYrOh.dll
c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-10 do 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-10 18:24 . 2008-12-10 18:24 <DIR> d-------- c:\program files\Alwil Software
2008-12-10 18:24 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-12-10 17:22 . 2008-12-10 17:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2008-12-10 17:02 . 2008-12-10 17:21 <DIR> d-------- c:\program files\Spyware Terminator
2008-12-10 17:02 . 2008-12-10 17:12 <DIR> d-------- c:\documents and settings\kulik\Data aplikací\Spyware Terminator
2008-12-10 17:02 . 2008-12-10 17:14 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2008-12-10 17:02 . 2008-12-10 17:02 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-10 16:59 . 2008-12-10 18:27 139,264 --a------ c:\windows\War3Unin.exe
2008-12-10 16:59 . 2008-12-10 18:28 77,140 --a------ c:\windows\War3Unin.dat
2008-12-10 16:59 . 2008-12-10 18:27 2,829 --a------ c:\windows\War3Unin.pif
2008-12-10 16:58 . 2008-12-10 21:53 <DIR> d-------- c:\program files\Warcraft III
2008-12-10 16:47 . 2008-12-10 16:47 <DIR> d-------- c:\windows\system32\cs-CZ
2008-12-10 16:07 . 2008-12-10 16:07 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-07 13:51 . 2008-12-07 13:51 <DIR> d-------- c:\program files\Razer
2008-12-07 13:51 . 2008-12-07 13:51 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Razer
2008-12-07 13:51 . 2007-08-08 09:51 249,856 --a------ c:\windows\system32\Lachesis.cpl
2008-12-07 13:51 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-07 13:51 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-07 13:51 . 2005-12-21 11:23 14,592 --a------ c:\windows\system32\drivers\Usbicp.sys
2008-12-07 13:51 . 2007-08-08 11:04 12,032 --a------ c:\windows\system32\drivers\Lachesis.sys
2008-12-07 02:44 . 2008-12-07 02:44 39,936 --a------ c:\windows\system32\jkklccut.dll.ren
2008-12-06 19:38 . 2008-12-06 19:38 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-12-06 19:38 . 2006-10-04 15:06 1,197,294 -----c--- c:\windows\system32\dllcache\sysmain.sdb
2008-12-06 19:38 . 2006-10-04 15:06 764,868 -----c--- c:\windows\system32\dllcache\apph_sp.sdb
2008-12-06 19:38 . 2006-10-04 15:06 217,118 -----c--- c:\windows\system32\dllcache\apphelp.sdb
2008-12-06 19:37 . 2008-12-06 19:37 <DIR> d-------- c:\windows\system32\xlive
2008-12-06 19:37 . 2008-12-06 19:37 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-06 19:04 . 2008-12-06 19:04 <DIR> d-------- c:\program files\MSBuild
2008-12-06 19:02 . 2008-12-10 16:46 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-06 19:02 . 2008-12-06 19:02 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-06 19:02 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2008-12-05 16:05 . 2004-08-17 15:45 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-12-05 16:05 . 2004-08-17 15:45 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-12-05 16:04 . 2008-12-10 17:08 <DIR> d-------- c:\program files\Common Files\Logitech
2008-11-30 17:01 . 2008-12-10 22:04 <DIR> d-------- c:\program files\Steam
2008-11-29 15:32 . 2008-11-29 15:32 <DIR> d-------- c:\windows\system32\Futuremark
2008-11-29 15:32 . 2008-11-29 15:36 <DIR> d-------- c:\program files\Futuremark
2008-11-29 15:32 . 2004-10-25 20:02 21,664 --a------ c:\windows\system32\drivers\Entech.sys
2008-11-29 15:32 . 1999-11-02 10:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd
2008-11-29 15:32 . 2004-06-22 15:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys
2008-11-29 15:32 . 2001-11-19 19:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys
2008-11-22 13:57 . 2008-11-22 13:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ATI
2008-11-22 13:55 . 2008-10-28 21:05 593,920 --a------ c:\windows\system32\ati2sgag.exe
2008-11-16 16:53 . 2008-11-16 16:53 <DIR> d-------- c:\windows\SHELLNEW
2008-11-16 16:53 . 2008-11-16 16:53 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-16 16:53 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-11-16 16:53 . 2008-11-16 16:53 390 --a------ c:\windows\ODBC.INI
2008-11-16 16:47 . 2008-11-16 16:47 <DIR> d-------- c:\program files\Softland
2008-11-16 16:47 . 2006-03-29 17:12 421,888 --a------ c:\windows\system32\novamnp3.dll
2008-11-16 16:47 . 2006-03-29 17:08 9,728 --a------ c:\windows\system32\novamip3.dll
2008-11-16 16:47 . 2006-03-14 16:28 4,693 --a------ c:\windows\system32\novap3.ctm
2008-11-14 17:18 . 2008-11-14 17:18 <DIR> d-------- c:\windows\Logs
2008-11-14 17:18 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-11-14 17:18 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-11-14 17:18 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-11-14 17:18 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-11-14 17:18 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-11-14 17:18 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-11-14 17:18 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-11-14 17:17 . 2008-11-28 23:18 2,250,024 --a------ c:\windows\system32\pbsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 19:15 --------- d-----w c:\program files\Garena
2008-12-10 18:16 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-10 15:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 20:44 --------- d-----w c:\documents and settings\All Users\Data aplikací\Test Drive Unlimited
2008-11-28 22:19 22,328 ----a-w c:\documents and settings\kulik\Data aplikací\PnkBstrK.sys
2008-11-28 22:16 --------- d-----w c:\program files\Ubisoft
2008-11-22 12:56 --------- d-----w c:\program files\ATI Technologies
2008-11-16 19:55 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-16 19:55 --------- d-----w c:\program files\AGEIA Technologies
2008-11-14 16:11 --------- d-----w c:\program files\Activision
2008-11-14 16:06 --------- d-----w c:\program files\Codemasters
2008-11-14 16:06 --------- d-----w c:\documents and settings\All Users\Data aplikací\Codemasters
2008-11-13 18:13 --------- d-----w c:\program files\JetAudio
2008-11-09 17:48 --------- d-----w c:\program files\mIRC
2008-11-06 19:40 --------- d-----w c:\program files\Common Files\Adobe
2008-10-29 03:10 3,341,824 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-10-29 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-10-24 15:27 --------- d-----w c:\program files\HD Tune
2008-10-18 10:06 --------- d-----w c:\program files\PSPad editor
2008-10-18 10:06 --------- d-----w c:\documents and settings\kulik\Data aplikací\PSpad
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Steam"="c:\program files\steam\steam.exe" [2008-11-30 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razer"="c:\program files\Razer Pro Solutions\ProClick v1.6\razerhid.exe" [2007-03-02 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\kulik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
jetAudio.lnk - c:\program files\JetAudio\JetAudio.exe [2008-08-09 2748484]
Miranda.lnk - c:\program files\Miranda IM\miranda32.exe [2008-08-09 550994]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-07 12032]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2002-08-29 69120]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\kulik\LOCALS~1\Temp\GPE61.tmp []
S3 GPU-Z;GPU-Z;\??\c:\docume~1\kulik\LOCALS~1\Temp\GPU-Z.sys []
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\Drivers\Razerlow.sys [2008-08-09 13225]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{5292E285-BD39-4C91-81BB-F51259C0F4B7} - c:\windows\system32\tuvTmKaA.dll
Notify-jkkLcCut - jkkLcCut.dll


.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\kulik\Data aplikací\Mozilla\Firefox\Profiles\v7lmul7p.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://seznam.cz/
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 22:03:58
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\kulik\LOCALS~1\Temp\GPE61.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\documents and settings\kulik\Plocha\W3_Bars.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Razer\Lachesis\OSD.exe
c:\program files\Razer Pro Solutions\ProClick v1.6\razerofa.exe
c:\program files\Razer\Lachesis\razertra.exe
c:\program files\Razer\Lachesis\razerofa.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2008-12-10 22:05:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-12-10 21:05:38

Před spuštěním: Volných bajtů: 17 692 061 696
Po spuštění: Volných bajtů: 17,976,446,976

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

204



zde je log z ComboFixu

[babajaga]

JA so hrozne moc omlouvam, koukan na hodinyk ze musim jit spat, jinak se do prace nevzbudim.

Cf uspesne smazal havet. NA dokontrolovani logu, nemam odvahu abych enco neprehlid, zaviraji se mi oci.

pres nabitku Start, spustit vloz do policka prikaz: ComboFix /u , odentruj

Muzes pocitac nechaz projet pomoci AVPtools - navod treba zde: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 , jeho log bych rad videl. Zitra zkouknu oba dva logy.

Sitauce s PC by mela byt v soucasne dobe dle em lepsi, mam pravdu?

[kul1k]

ano PC se chova znatelne lepe diky pozdeji hodim logy

THX

PS: userum jako ses ty by meli davat nejakej GOLDMember

[babajaga]

Pokud avptools nevymazal c:\windows\system32\jkklccut.dll.ren - smaz. Pockam na log z AVPtools, sem tu jen na skok.

Krom ptakovinek, o kterych ani neni zaznam v googlu, se mi jevi log jako cisty, vice nam ukaze prave uvedeny avptools.

Jeste nejaky problem s pc? Na zaver vlozis logy z HJT - vysi verze - opet link na stahnuti, zde na fore najdes - i AvpTools

Muj nepritel je cas. Tvuj log byl jednoduska, nebot resivam mnohem slozitejsi.

GOLDMember , muzes napsat adminom, sem zvedav co ti odpovi

[babajaga]

Koukam ze se logu nedockam