Log check, virus???

Hello, I need your advice. I was told that I have a virus on my computer
that sends out a large number of e-mails through my PC, which floods the network
through which I am connected to the internet, and so they disconnected me.
I have scanned the PC with just about everything possible, but when I don't know what I am looking for, it is hard.
It reported some malware in Ad-Aware, and Trojan Remover probably found something too, but I don't know whether that is everything.
Could you take a look at the attached log? I would hate for them to disconnect me again.

I would also like to ask whether I could have caught the virus from the network. I use a notebook, and they say it is more susceptible.
On the internet I only download from rapidshare.com and make calls over Skype, where only people on my contact list can call me, so I was fairly relaxed and trusted NOD32. Could someone have brought the virus into the network, and it then settled on my machine? I have been working on the net for about 10 years and never had a problem with viruses, but since I have been with this provider, I have had viruses twice in one month.

Thank you very much, you will be saving my life.

Logfile of HijackThis v1.99.1
Scan saved at 17:11:30, on 22.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Vevik\Plocha\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zsjn.wz.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.email.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=;gopher=;http=;https=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B04A3F81-9C14-4941-ACFD-5E2F1E119C8F} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Diallix's user picture

They disconnected you because you have a virus that sends spam e-mails to the server? That sounds like nonsense to me. Who is your provider?

You can fix these in the program. They are just useless leftovers:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {B04A3F81-9C14-4941-ACFD-5E2F1E119C8F} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

Run ComboFix on the computer according to these instructions:

download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to the desktop

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms is displayed; press the 1 key to continue

go and put some coffee on (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through), follow the instructions on the screen, and during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

warning: if you use Spyware Terminator, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan ComboFix tries to delete infected files and Spyware Terminator may prevent that

after the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here
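Added example, not part of the reply above and not code from HijackThis: a small Python parser that pulls out of a HijackThis log the kind of entries the reply marks as fixable, that is, targets shown as `(no file)` or `(file missing)` and R0/R1 values left empty. The sample lines are an excerpt of the log posted in this thread; the function names and the note about `C:\Program.exe` (a service path that appears cut at its first space) are assumptions of this example.

```python
import re

# Excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=;gopher=;http=;https=
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B04A3F81-9C14-4941-ACFD-5E2F1E119C8F} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# "R0 - ..." / "O23 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Registry-value entries: "<key>,<value name> = <data>" (data may be empty).
REG_VALUE_RE = re.compile(r"^(?P<key>.+?) =\s*(?P<value>.*)$")
# Heuristic (assumption of this example): a target of exactly
# <drive>:\Program.exe suggests the real path was cut at its first space.
CUT_PATH_RE = re.compile(r"[A-Za-z]:\\Program\.exe")


def parse_entries(log_text):
    """Return (code, body) for every scan entry; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def classify(code, body):
    """Return a reason string when the entry points at nothing, else None."""
    if body.endswith("(no file)"):
        return "no file"
    if body.endswith("(file missing)"):
        target = body[: -len("(file missing)")].rstrip().rsplit(" - ", 1)[-1]
        if CUT_PATH_RE.fullmatch(target):
            # Not necessarily an orphan: verify the service before fixing it.
            return "file missing (path looks cut at first space; check the service's ImagePath)"
        return "file missing"
    if code in ("R0", "R1"):
        m = REG_VALUE_RE.match(body)
        if m and m.group("value") == "":
            return "empty value"
    return None


def orphaned_entries(log_text):
    """List (code, body, reason) for entries worth reviewing as leftovers."""
    found = []
    for code, body in parse_entries(log_text):
        reason = classify(code, body)
        if reason:
            found.append((code, body, reason))
    return found


if __name__ == "__main__":
    for code, body, reason in orphaned_entries(SAMPLE_LOG):
        print(f"{code:>3}  {reason}\n     {body}")
```

On the excerpt this lists the four entries named in the reply plus the MySQL service line, which deserves a manual check rather than a blind fix because `mysqld-nt.exe` appears among the running processes in the same log.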

Sony's user picture

It seemed like nonsense to me too, especially since their advice for every problem is: format your hard disk, then call us and we will reconnect you. But they do disconnect me, which annoys me. By the way, my connection is provided by Mr. Baran in Bruntál. Unfortunately I have no other option.

Here is the output from ComboFix, but I don't know whether it is complete; I had to hard-restart the computer, nothing happened for an hour, so I don't know.

ComboFix 08-01-23.2 - Vevik 2008-01-24 19:21:46.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.176 [GMT 1:00]
Running from: C:\Documents and Settings\Vevik\Plocha\ComboFix.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
---- Previous Run -------
C:\Documents and Settings\Vevik\Data aplikacˇ\setup_en[1].exe
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll

((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))

2008-01-24 17:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 17:33 . 2008-01-24 17:33 <DIR> d-------- C:\Program Files\CCleaner
2008-01-23 17:09 . 2008-01-23 17:09 7,032 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-22 16:58 . 2008-01-22 16:58 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-01-22 07:04 . 2008-01-22 07:04 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-01-21 20:34 . 2008-01-21 20:34 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-21 19:57 . 2008-01-21 19:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-21 19:56 . 2008-01-21 19:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-21 19:50 . 2008-01-21 19:50 <DIR> d-------- C:\Sandbox
2008-01-21 19:48 . 2008-01-21 19:48 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-01-21 19:48 . 2008-01-21 19:48 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-01-21 19:48 . 2008-01-21 19:48 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-01-21 19:48 . 2008-01-21 19:48 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-01-21 19:48 . 2008-01-21 19:48 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-01-21 19:48 . 2008-01-21 19:48 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-01-21 19:46 . 2004-08-18 05:00 147,968 --a------ C:\WINDOWS\R.COM
2008-01-21 19:46 . 2004-08-18 05:00 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-01-21 19:46 . 2008-01-21 19:46 26 --a------ C:\WINDOWS\Lic.xxx
2008-01-21 19:45 . 2008-01-21 19:45 <DIR> d-------- C:\Program Files\Sandboxie
2008-01-21 19:45 . 2008-01-24 17:28 1,298 --a------ C:\WINDOWS\Sandboxie.ini
2008-01-21 19:23 . 2008-01-21 19:23 11 --a------ C:\WINDOWS\system32\uninstall.mybho
2008-01-21 19:08 . 2008-01-21 19:08 2,335,270 --a------ C:\WINDOWS\system32\20e4.mht
2008-01-21 19:08 . 2004-08-18 05:00 702,976 --a------ C:\WINDOWS\system32\0d76.tmp
2008-01-21 19:08 . 2008-01-21 19:08 54,624 --a------ C:\WINDOWS\system32\9a85.sys
2008-01-21 18:49 . 2008-01-21 18:49 <DIR> d-------- C:\Program Files\Trojan Remover
2008-01-21 18:49 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-21 18:49 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-01-21 18:49 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-21 18:49 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-21 18:49 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-06 08:22 . 2008-01-06 08:22 <DIR> d-------- C:\Program Files\Premium Booster
2008-01-06 08:12 . 2008-01-06 08:12 <DIR> d--hs---- C:\FOUND.001
2008-01-06 08:12 . 2008-01-06 08:12 <DIR> d--hs---- C:\FOUND.000

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-12-21 07:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-07 17:48 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-07 16:16 --------- d-----w C:\Program Files\SlySoft
2007-12-02 20:51 196,608 ----a-w C:\WINDOWS\system32\libssl32.dll
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:19 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:57 8,458,752 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [2007-11-17 20:20 336896]

"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 14:17 192512]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-18 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 05:00 455168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-07-25 13:34 81920]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:36 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-17 11:47 98304]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-25 13:33 735824]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-21 20:31 2834432]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 05:00 15360]

"NoResolveTrack"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 13:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-21 20:34]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 05:00]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2007-11-17 20:20]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 23:08]
S3 9a85;9a85;C:\WINDOWS\system32\9a85.sys [2008-01-21 19:08]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 05:00]

Contents of the 'Scheduled Tasks' folder
"2008-01-17 09:00:02 C:\WINDOWS\Tasks\zaloha.job"
- C:\Program Files\MySQL\MySQL Administrator 1.0\MySQLAdministrator.exe?

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 19:26:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


Diallix's user picture

There is some junk in there, but to have to disconnect you over it. :shock:

Download Avenger: http://www.viry.cz/node/
Following the instructions above, work your way to that window. Type this into it:

Drivers to unload:

Files to delete:

Folders to delete:

The computer will restart. After the restart a log will come up, which is also saved in c:\avenger.txt. Copy it here.

Type this into Notepad:


Save the file to the desktop as CFScript.txt, grab it with the mouse, drag it over ComboFix and, when it turns blue, release it (picture below). The scan will start; afterwards post the log that pops up.

Sony's user picture

Here is the log from Avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:


Script file located at: \??\C:\Documents and Settings\anupoauc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger


Beginning to process script file:

Driver 9a85 unloaded successfully.
File C:\WINDOWS\R.COM deleted successfully.
File C:\WINDOWS\system32\T.COM deleted successfully.
File C:\WINDOWS\Lic.xxx deleted successfully.
File C:\WINDOWS\system32\uninstall.mybho deleted successfully.
File C:\WINDOWS\system32\20e4.mht deleted successfully.
File C:\WINDOWS\system32\0d76.tmp deleted successfully.
File C:\WINDOWS\system32\9a85.sys deleted successfully.
Folder C:\WINDOWS\zts2.exe deleted successfully.
Folder C:\WINDOWS\system32\vcmgcd32.dll deleted successfully.
Folder C:\WINDOWS\system32\iifgfgf.dll deleted successfully.
Folder C:\WINDOWS\rundll16.exe deleted successfully.
Folder C:\WINDOWS\rundl132.dll deleted successfully.
Folder C:\WINDOWS\logo1_.exe deleted successfully.
Folder C:\FOUND.001 deleted successfully.
Folder C:\FOUND.000 deleted successfully.

Completed script processing.


Finished! Terminate.

And here is the one from ComboFix:

ComboFix 08-01-23.2 - Vevik 2008-01-25 12:41:36.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.179 [GMT 1:00]
Running from: C:\Documents and Settings\Vevik\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Vevik\Plocha\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
---- Previous Run -------
C:\Documents and Settings\Vevik\Data aplikacˇ\setup_en[1].exe
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll

((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))

2008-01-24 17:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 17:33 . 2008-01-24 17:33 <DIR> d-------- C:\Program Files\CCleaner
2008-01-23 17:09 . 2008-01-24 19:40 14,948 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-22 16:58 . 2008-01-22 16:58 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-01-22 07:04 . 2008-01-22 07:04 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-01-21 20:34 . 2008-01-21 20:34 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-21 19:57 . 2008-01-21 19:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-21 19:56 . 2008-01-21 19:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-21 19:50 . 2008-01-21 19:50 <DIR> d-------- C:\Sandbox
2008-01-21 19:45 . 2008-01-21 19:45 <DIR> d-------- C:\Program Files\Sandboxie
2008-01-21 19:45 . 2008-01-24 17:28 1,298 --a------ C:\WINDOWS\Sandboxie.ini
2008-01-21 18:49 . 2008-01-21 18:49 <DIR> d-------- C:\Program Files\Trojan Remover
2008-01-21 18:49 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-21 18:49 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-01-21 18:49 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-21 18:49 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-21 18:49 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-06 08:22 . 2008-01-06 08:22 <DIR> d-------- C:\Program Files\Premium Booster

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-12-21 07:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-07 17:48 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-07 16:16 --------- d-----w C:\Program Files\SlySoft
2007-12-02 20:51 196,608 ----a-w C:\WINDOWS\system32\libssl32.dll
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:19 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:57 8,458,752 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

---- Directory of C:\Sandbox ----

2008-01-24 19:42 61706 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\7RP0OIQV\posting[2].htm
2008-01-24 19:42 5361 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\YBJF70L1\posting[1].php
2008-01-24 19:42 42 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\DD01J14L\dot[1].gif
2008-01-24 19:42 3415 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\49STLINO\ukaztomod[1].htm
2008-01-24 19:42 262144 --a------ C:\Sandbox\Vevik\DefaultBox\RegHive
2008-01-24 19:42 15940 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\YBJF70L1\posting[2].htm
2008-01-24 19:42 15894 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\7RP0OIQV\posting[1].php
2008-01-24 19:42 1347 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\DD01J14L\ukaztomod[1].php
2008-01-24 19:42 12497 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\YBJF70L1\profile[1].php
2008-01-24 19:42 12492 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\YBJF70L1\profile[1].png
2008-01-24 19:42 1024 --ah----- C:\Sandbox\Vevik\DefaultBox\RegHive.LOG
2008-01-24 19:41 8406 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\52RURQPK\viewtopic[1].php
2008-01-24 19:41 64644 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\52RURQPK\viewforum[2].htm
2008-01-24 19:41 6252 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\52RURQPK\viewforum[1].php
2008-01-24 19:41 61706 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\41WJYZMF\posting[1].htm
2008-01-24 19:41 5361 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\49STLINO\posting[1].php
2008-01-24 19:41 5361 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\3KH9JHKX\posting[1].php
2008-01-24 19:41 5247 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\52RURQPK\forum[1]
2008-01-24 19:41 49722 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\FPMRJ28V\posting[1].htm
2008-01-24 19:41 43 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\52RURQPK\spacer[1].gif
2008-01-24 19:41 42 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\YBJF70L1\dot[1].gif
2008-01-24 19:41 42 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\FPMRJ28V\dot[1].gif
2008-01-24 19:41 42 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\52RURQPK\dot[1].gif
2008-01-24 19:41 42 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\41WJYZMF\dot[1].gif
2008-01-24 19:41 419 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\FPMRJ28V\019[1].gif
2008-01-24 19:41 31096 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\YBJF70L1\forum[1].htm
2008-01-24 19:41 31096 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\52RURQPK\forum[1].htm
2008-01-24 19:41 29568 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\52RURQPK\viewtopic[1].htm
2008-01-24 19:41 15940 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\49STLINO\posting[1].htm
2008-01-24 19:41 15940 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\3KH9JHKX\posting[1].htm
2008-01-24 19:41 15893 --a------ C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\41WJYZMF\posting[1].php
C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Data aplikací\Microsoft\Internet Explorer\MSIMGSIZ.DAT
C:\Sandbox\Vevik\DefaultBox\user\current\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

((((((((((((((((((((((((((((( snapshot@2008-01-24_17.50.30,51 )))))))))))))))))))))))))))))))))))))))))
- 2008-01-24 16:43:22 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-25 11:39:02 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-24 16:43:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-25 11:39:02 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-24 16:43:22 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-25 11:39:02 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-24 16:43:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-25 11:39:02 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-24 16:43:22 7,122,944 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-25 11:39:02 7,135,232 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-24 16:43:22 352,256 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 11:39:02 352,256 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [2007-11-17 20:20 336896]

"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 14:17 192512]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-18 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 05:00 455168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-07-25 13:34 81920]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:36 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-17 11:47 98304]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-25 13:33 735824]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-21 20:31 2834432]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 05:00 15360]

"NoResolveTrack"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 13:34]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-21 20:34]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 05:00]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2007-11-17 20:20]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 23:08]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 05:00]

Contents of the 'Scheduled Tasks' folder
"2008-01-17 09:00:02 C:\WINDOWS\Tasks\zaloha.job"
- C:\Program Files\MySQL\MySQL Administrator 1.0\MySQLAdministrator.exe?

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 12:45:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


User picture of Diallix

That C:\Sandbox folder doesn't look right to me. Are you using the program Sandboxie?

Submit some of the files from that C:\Sandbox folder to virustotal.com.
Copy them into the window there, upload them, and post the results here.

Also scan the computer with MWAV:
Set the program up properly according to the guide above. Don't forget to update!
After the scan, copy the log from the lower window here, not the upper one.
When you have done all that, make another HijackThis log.

User picture of Sony

I do have Sandboxie there, but it was only installed after the disconnection; I can easily remove it.
Here are the logs.

Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "systemerrorfixer Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "broadcastpc Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "broadcastpc Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "regsort Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "w32/hllp.philis.ini Virus" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "kraze.b Virus" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "remacc.multiwebsurv Generic Malware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Soubor C:\QooBox\Quarantine\C\Documents and Settings\Vevik\Data aplikací\setup_en[1].exe.vir indentifikován jako "not-a-virus:Downloader.Win32.WinFixer.au". Provedené akce: Nic nebylo provedeno.

I assume the last line will need to be deleted, but I have the impression it has already deleted it once.

Logfile of HijackThis v1.99.1
Scan saved at 20:54, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\Vevik\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zsjn.wz.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.email.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=;gopher=;http=;https=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

User avatar: Diallix

Both logs are OK. I recommend uninstalling Trojan Remover.
Manually delete the folder c:\qooarantine
Finish cleaning the computer with CCleaner:

How is the computer behaving?

User avatar: Sony

I have already cleaned it with CCleaner.
The computer behaves normally, but it basically behaved that way before as well; if they had not disconnected me, I would not even have known there was anything on it.
Can I protect myself somehow against this happening again? It is true that I only had NOD32 and the Windows firewall on it. Now I will keep NOD32, Spyware Terminator, to be safe also Ad-Aware, and the Kerio firewall. I will throw out the rest. I hope that will be enough.

Anyway, thanks a lot. Someday I would like to understand how you find your way around those listings :-)

User avatar: Diallix

There was some junk on the computer, which we successfully got rid of. As for protection, it is enough to use an antivirus and a firewall, but do not use Terminator and Ad-Aware as antiviruses. They are only antispyware.

If you have any problems, get in touch; and all the knowledge gained so far is the fruit of several years of learning.

