Trojan horse + Solved

A section devoted to viruses and other malicious code, and also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

nunci
newbie
Posts: 18
Registered: January 08
Gender: Not specified
Status: Offline

Trojan horse +

Post by nunci » 25 Jul 2009 13:54

Good day,
please, I would need some help. My computer has slowed down, it restricts access to the internet, and while browsing the internet it throws up new pages...
AVG antivirus found:

Test "Test celého počítače" byl dokončen.
Infekce;"4";"0";"4"
Spyware;"6";"6";"0"
Varování;"1"
Složky vybrané k testování:;"Test celého počítače"
Test zahájen:;"25. júla 2009, 12:11:11"
Test dokončen:;"25. júla 2009, 13:45:42 (1 hodin(a) 34 minut(a) 31 sekund(a))"
Celkem otestováno objektů:;"351772"
Uživatel:;"Administrator"

Infekce
Soubor;"Infekce";"Výsledek"
C:\Documents and Settings\Administrator\Desktop\Pitbull - I Know You Want Me _(Calle Ocho) (Hiphop-torrent).zip;"Trojský kůň Downloader.Generic8.ALWS";"Infikováno"
C:\Documents and Settings\Administrator\Desktop\Pitbull - I Know You Want Me _(Calle Ocho) (Hiphop-torrent).zip:\Pitbull - I Know You Want Me _(Calle Ocho).exe;"Trojský kůň Downloader.Generic8.ALWS";"Infikováno"
C:\Documents and Settings\Administrator\Desktop\Pitbull - I Know You Want Me _(Calle Ocho) (Hiphop-torrent).zip:\Pitbull - I Know You Want Me _(Calle Ocho).exe:\$JF\dlsnew.exe;"Trojský kůň Downloader.Generic8.ALWS";"Infikováno"
C:\Documents and Settings\Administrator\Desktop\Pitbull - I Know You Want Me _(Calle Ocho) (Hiphop-torrent).zip:\Pitbull - I Know You Want Me _(Calle Ocho).exe:\$JF\dlsnew.exe:\$JK\downloader.exe;"Trojský kůň Downloader.Generic8.ALWS";"Infikováno"

Spyware
Soubor;"Infekce";"Výsledek"
E:\instalačky\kaspersky antivir\avs.msi;"Adware Generic2.NO";"Smazáno"
E:\instalačky\kaspersky antivir\avs.msi:\Binary.aoltbar;"Adware Generic2.NO";"Smazáno"
E:\instalačky\kaspersky antivir\avs.msi:\Binary.aoltbar:\ü#16€\tbu09590\tbhelper.dll;"Adware Generic2.NO";"Smazáno"
E:\instalačky\pc\antivir+firewall\avs.msi;"Adware Generic2.NO";"Smazáno"
E:\instalačky\pc\antivir+firewall\avs.msi:\Binary.aoltbar;"Adware Generic2.NO";"Smazáno"
E:\instalačky\pc\antivir+firewall\avs.msi:\Binary.aoltbar:\ü#16€\tbu09590\tbhelper.dll;"Adware Generic2.NO";"Smazáno"

Varování
Soubor;"Infekce";"Výsledek"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m1mftinc.default\cookies.sqlite;"Nalezeno Tracking cookie.Doubleclick";"Potenciálně nebezpečný objekt"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m1mftinc.default\cookies.sqlite:\ad.yieldmanager.com.539b0606;"Nalezeno Tracking cookie.Yieldmanager";"Přesunuto do trezoru"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m1mftinc.default\cookies.sqlite:\ad.yieldmanager.com.8a47878;"Nalezeno Tracking cookie.Yieldmanager";"Přesunuto do trezoru"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m1mftinc.default\cookies.sqlite:\ad.yieldmanager.com.b68f2b7b;"Nalezeno Tracking cookie.Yieldmanager";"Přesunuto do trezoru"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m1mftinc.default\cookies.sqlite:\ad.yieldmanager.com.ff92306;"Nalezeno Tracking cookie.Yieldmanager";"Přesunuto do trezoru"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m1mftinc.default\cookies.sqlite:\doubleclick.net.1d39bd48;"Nalezeno Tracking cookie.Doubleclick";"Přesunuto do trezoru"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m1mftinc.default\cookies.sqlite:\m.webtrends.com.b4ca7df0;"Nalezeno Tracking cookie.Webtrends";"Přesunuto do trezoru"


I'm also sending the results from the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:58, on 25.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SBC.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_S76.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\TrueTransparency\TrueTransparency.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\Administrator\Desktop\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\Administrator\Desktop\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7451 bytes

Please, please, someone help :-(

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Trojan horse

Post by memphisto » 25 Jul 2009 13:59

I don't know why you use AVG antispyware when AVG 8 already has antispyware.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the program has finished, a message will appear, so click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes (Ano)
(don't delete anything yet!).
Then paste the contents of that log here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you

Re: Trojan horse

Post by nunci » 25 Jul 2009 15:40

Hi, thanks for the reply..... so I ran it through that Malware and I see that somehow it found nothing...
Here is the log:
Malwarebytes' Anti-Malware 1.39
Verzia databázy: 2421
Windows 5.1.2600 Service Pack 3

25.7.2009 15:32:43
mbam-log-2009-07-25 (15-32-43).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 86233
Uplynutý cas: 6 minute(s), 22 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

Re: Trojan horse

Post by memphisto » 25 Jul 2009 16:03

AVG dealt with it more or less. You can get rid of those tracking cookies by deleting cookies in the browser. Tools - Clear Recent History

just to be sure, we'll also run Combofix
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, don't click in the window it displays
- When the scan is finished, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Trojan horse

Post by nunci » 25 Jul 2009 16:54

I'm sending the log from ComboFix:

ComboFix 09-07-24.01 - Administrator 25.07.2009 16:42.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.511.304 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.

2009-07-25 13:25 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 13:24 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 13:24 . 2009-07-25 13:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 11:49 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-23 11:49 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-23 11:49 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-23 11:49 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-23 11:49 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-23 11:49 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-23 11:49 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-23 11:49 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-23 11:49 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-23 11:44 . 2008-10-03 10:02 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-07-23 11:44 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-23 11:44 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-13 16:29 . 2009-07-13 16:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer
2009-07-13 16:29 . 2009-07-13 16:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup
2009-07-13 16:28 . 2009-07-13 16:28 -------- d-----w- c:\program files\System Search Dispatcher
2009-07-13 16:28 . 2009-07-13 16:28 -------- d-----w- c:\program files\DoubleD
2009-07-13 16:27 . 2009-07-13 16:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD
2009-06-28 10:38 . 2009-07-25 11:49 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-28 09:49 . 2009-06-28 09:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-28 09:49 . 2009-06-28 09:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-28 09:48 . 2009-06-28 09:48 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-28 09:48 . 2009-06-28 09:48 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-28 09:48 . 2009-07-24 08:45 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-28 09:48 . 2009-06-28 09:48 -------- d-----w- c:\program files\AVG
2009-06-28 09:48 . 2009-06-28 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-28 08:44 . 2009-06-28 08:44 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 13:20 . 2008-11-30 18:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-07-25 08:58 . 2007-11-17 18:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-07-22 14:32 . 2008-03-25 14:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-07-08 17:35 . 2009-04-04 16:14 -------- d-----w- c:\program files\Zoom Player
2009-06-28 11:13 . 2008-02-02 22:08 -------- d-----w- c:\program files\sam broake
2009-06-28 08:37 . 2007-03-10 12:27 -------- d-----w- c:\program files\AOL Security Toolbar
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2006-08-28 12:38 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 14:51 . 2009-06-01 14:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Inkscape
2009-06-01 14:51 . 2009-06-01 14:48 -------- d-----w- c:\program files\Inkscape
2009-05-16 07:46 . 2009-03-28 10:37 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-07 15:32 . 2002-08-29 02:41 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2002-08-29 02:41 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2005-10-04 11:59 . 2005-10-04 11:59 420 ----a-w- c:\program files\file_id.diz
2009-07-22 10:13 . 2009-02-14 18:44 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2007-07-24 1298432]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"TrueTransparency"="c:\program files\TrueTransparency\TrueTransparency.exe" [2007-10-28 133120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-12-14 7323648]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-12-14 86016]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"snpstd"="c:\windows\vsnpstd.exe" [2006-08-23 339968]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 226224]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-11-16 86960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-28 1948440]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-14 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-28 09:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj.exe"=
"e:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\WPMP150\\miranda32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [23.3.2006 18:31 210304]
R0 ulipnp;ULi PnP Driver;c:\windows\system32\drivers\ulipnp.sys [23.3.2006 18:31 8064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28.6.2009 11:48 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28.6.2009 11:49 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [28.6.2009 11:48 298776]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [28.8.2006 16:46 28672]
.
Contents of the 'Scheduled Tasks' folder

2009-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{569DAC0F-2791-46ab-8EFC-A54B77C04C20} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
IE: &Search
IE: Download all links using BitComet - c:\documents and settings\Administrator\Desktop\BitComet\BitComet.exe/AddAllLink.htm
IE: Download link using &BitComet - c:\documents and settings\Administrator\Desktop\BitComet\BitComet.exe/AddLink.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m1mftinc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|www.zoznam.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 16:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-25 16:48
ComboFix-quarantined-files.txt 2009-07-25 14:48

Pre-Run: 28 616 196 096 bytes free
Post-Run: 6 adresárov, 28 578 033 664 voľných bajtov

198 --- E O F --- 2009-07-23 12:10


Thanks for the help and the cooperation :wink:

jaro3
Security team member
Guru Level 15
Posts: 43292
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Trojan horse +

Post by jaro3 » 25 Jul 2009 17:30

Try to uninstall these, if they can be uninstalled:
Internet Saving Optimizer
Media Access Startup
System Search Dispatcher
DoubleD


Open Notepad (Start -> Run..., type Notepad into the window and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script

Folder::
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup
c:\program files\System Search Dispatcher
c:\program files\DoubleD
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: choose All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process + a new log from HJT
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
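
A cross-check of the CFScript above against the first ComboFix log in this thread, as an added example that is not part of jaro3's post: it confirms that every `Folder::` entry appears as a directory in the log's "Files Created" section and reports how close together those folders were created. The log excerpt and script text are copied from the thread; the function names are hypothetical, and reading the first timestamp on each log line as the creation time is an assumption.

```python
import re
from datetime import datetime

# Excerpt of the "Files Created" section of the first ComboFix log in this thread.
LOG_EXCERPT = r"""
2009-07-25 13:24 . 2009-07-25 13:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 16:29 . 2009-07-13 16:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer
2009-07-13 16:29 . 2009-07-13 16:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup
2009-07-13 16:28 . 2009-07-13 16:28 -------- d-----w- c:\program files\System Search Dispatcher
2009-07-13 16:28 . 2009-07-13 16:28 -------- d-----w- c:\program files\DoubleD
2009-07-13 16:27 . 2009-07-13 16:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD
2009-06-28 09:49 . 2009-06-28 09:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-28 08:44 . 2009-06-28 08:44 -------- d-----w- c:\program files\CCleaner
"""

# The script text from the post above.
CFSCRIPT = r"""Folder::
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer
c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup
c:\program files\System Search Dispatcher
c:\program files\DoubleD
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD
"""

# "<created> . <modified> <size or dashes> <attributes> <path>"
# Assumption: the first timestamp is the creation time on this machine.
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$"
)


def parse_created(log_text):
    """Map lower-cased path -> (created datetime, is_directory)."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section banners, blank lines, separators
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        is_dir = m.group(4).startswith("d")  # attribute column, e.g. d-----w-
        entries[m.group(5).lower()] = (created, is_dir)
    return entries


def parse_cfscript(text):
    """Split a CFScript into {directive: [lines]}; directives end with '::'."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def cross_check(script_text, log_text):
    """Return (found, missing, span) for the script's Folder:: entries.

    found   -- [(folder, created)] for entries logged as directories
    missing -- entries absent from the log or logged as files
    span    -- time between the earliest and latest creation, or None
    """
    created = parse_created(log_text)
    found, missing = [], []
    for folder in parse_cfscript(script_text).get("Folder", []):
        hit = created.get(folder.lower())  # Windows paths are case-insensitive
        if hit and hit[1]:
            found.append((folder, hit[0]))
        else:
            missing.append(folder)
    times = [t for _, t in found]
    span = (max(times) - min(times)) if times else None
    return found, missing, span


if __name__ == "__main__":
    found, missing, span = cross_check(CFSCRIPT, LOG_EXCERPT)
    for folder, when in found:
        print(f"{when:%Y-%m-%d %H:%M}  {folder}")
    print("not in log:", missing or "none")
    print("creation window:", span)
```

An entry that lands in `missing` is one the log gives no evidence for, which is the case to stop and re-read before handing the script to a tool that deletes whole folders.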

Re: Trojan horse +

Post by nunci » 25 Jul 2009 18:52

Hi, thanks for the reply... And how do I actually uninstall Internet Saving Optimizer, Media Access Startup, System Search Dispatcher, DoubleD... where should I look for them?

I'm sending the result of the cleaning process:

ComboFix 09-07-24.01 - Administrator 25.07.2009 18:37.3.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.511.259 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.

.
((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.

2009-07-25 13:25 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 13:24 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 13:24 . 2009-07-25 13:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 11:49 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-23 11:49 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-23 11:49 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-23 11:49 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-23 11:49 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-23 11:49 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-23 11:49 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-23 11:49 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-23 11:49 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-23 11:44 . 2008-10-03 10:02 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-07-23 11:44 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-23 11:44 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-28 10:38 . 2009-07-25 16:29 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-28 09:49 . 2009-06-28 09:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-28 09:49 . 2009-06-28 09:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-28 09:48 . 2009-06-28 09:48 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-28 09:48 . 2009-06-28 09:48 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-28 09:48 . 2009-07-25 16:32 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-28 09:48 . 2009-06-28 09:48 -------- d-----w- c:\program files\AVG
2009-06-28 09:48 . 2009-06-28 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-28 08:44 . 2009-06-28 08:44 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 16:32 . 2008-11-30 18:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-07-25 16:29 . 2007-11-17 18:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-07-22 14:32 . 2008-03-25 14:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-07-08 17:35 . 2009-04-04 16:14 -------- d-----w- c:\program files\Zoom Player
2009-06-28 11:13 . 2008-02-02 22:08 -------- d-----w- c:\program files\sam broake
2009-06-28 08:37 . 2007-03-10 12:27 -------- d-----w- c:\program files\AOL Security Toolbar
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2006-08-28 12:38 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 14:51 . 2009-06-01 14:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Inkscape
2009-06-01 14:51 . 2009-06-01 14:48 -------- d-----w- c:\program files\Inkscape
2009-05-16 07:46 . 2009-03-28 10:37 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-07 15:32 . 2002-08-29 02:41 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2002-08-29 02:41 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2005-10-04 11:59 . 2005-10-04 11:59 420 ----a-w- c:\program files\file_id.diz
2009-07-22 10:13 . 2009-02-14 18:44 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-25_14.46.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-25 16:27 . 2009-07-25 16:27 16384 c:\windows\Temp\Perflib_Perfdata_278.dat
+ 2001-08-23 12:00 . 2009-07-25 16:32 52900 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2009-07-25 13:23 52900 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2009-07-25 16:32 380486 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2009-07-25 13:23 380486 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2007-07-24 1298432]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"TrueTransparency"="c:\program files\TrueTransparency\TrueTransparency.exe" [2007-10-28 133120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-12-14 7323648]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-12-14 86016]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"snpstd"="c:\windows\vsnpstd.exe" [2006-08-23 339968]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 226224]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-11-16 86960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-28 1948440]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-14 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-28 09:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj.exe"=
"e:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\WPMP150\\miranda32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [23.3.2006 18:31 210304]
R0 ulipnp;ULi PnP Driver;c:\windows\system32\drivers\ulipnp.sys [23.3.2006 18:31 8064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28.6.2009 11:48 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28.6.2009 11:49 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [28.6.2009 11:48 298776]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [28.8.2006 16:46 28672]
.
Contents of the 'Scheduled Tasks' folder

2009-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
IE: &Search
IE: Download all links using BitComet - c:\documents and settings\Administrator\Desktop\BitComet\BitComet.exe/AddAllLink.htm
IE: Download link using &BitComet - c:\documents and settings\Administrator\Desktop\BitComet\BitComet.exe/AddLink.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m1mftinc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|www.zoznam.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 18:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(128)
c:\program files\LClock\LC.dll
.
Completion time: 2009-07-25 18:46
ComboFix-quarantined-files.txt 2009-07-25 16:46
ComboFix2.txt 2009-07-25 14:48

Pre-Run: 28 545 818 624 bytes free
Post-Run: 6 adresárov, 28 502 786 048 voľných bajtov

424 --- E O F --- 2009-07-23 12:10



And the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:49, on 25.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\TrueTransparency\TrueTransparency.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\Administrator\Desktop\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\Administrator\Desktop\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6801 bytes

jaro3, Security team member

Re: Trojan horse +

Post by jaro3 » 25 Jul 2009 19:04

Well, the normal way: Start - Control Panel - Add/Remove Programs, but we have already deleted the folders now, so there will be nothing there (probably).
Close other applications and browsers, disconnect from the internet and fix these in HJT:
Guide: viewtopic.php?f=70&t=5119

Code:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


Did you put this page there yourself:

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
??
If not, fix it as well.

ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner

and also use T-Cleaner
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download it > run it

Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG; afterwards delete T-Cleaner and turn AVG back on.


Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.

If there are no problems, that is all and you can mark the thread as solved with the check mark.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
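An added example, not part of the thread and not the helper's own tooling: the reply above fixes an entry whose target is `(no file)` and questions the IE start page, and the same start page also shows up in the ComboFix supplementary scan (defanged as `hxxp`) and in Firefox's prefs.js. This script flags both kinds of entry across the two log formats; the allowlist of hosts and all function names are assumptions made for the example.

```python
import re
from typing import NamedTuple
from urllib.parse import urlsplit

# Sample input: six lines taken from the ComboFix and HijackThis logs in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.theprizeday.com/today.php
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|www.zoznam.sk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
"""

# Assumption: hosts the owner of the machine confirms as intended home pages.
ALLOWED_HOSTS = {"www.zoznam.sk", "go.microsoft.com"}

# Lines that carry a browser start page, in ComboFix and HijackThis notation.
HOMEPAGE_LINES = [
    re.compile(r"^uStart Page = (?P<value>.+)$"),
    re.compile(r"^FF - prefs\.js: browser\.startup\.homepage - (?P<value>.+)$"),
    re.compile(r"^R[01] - HK(?:CU|LM)\\.*,(?:Start Page|Default_Page_URL) = (?P<value>.+)$"),
]
# HijackThis entries whose registered file no longer exists on disk.
ORPHAN_ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+) - \(no file\)$")


class Finding(NamedTuple):
    kind: str    # "homepage" or "orphan"
    detail: str  # offending host, or the entry whose file is missing
    line: str    # original log line, kept for the report


def host_of(url: str) -> str:
    """Return the lower-cased host of a URL, undoing ComboFix's hxxp defanging."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)
    if "://" not in url:          # Firefox allows bare hosts such as www.zoznam.sk
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def triage(log_text: str, allowed_hosts: set) -> list:
    """Flag start pages outside the allowlist and entries marked (no file)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        orphan = ORPHAN_ENTRY.match(line)
        if orphan:
            findings.append(Finding("orphan", orphan["body"], line))
            continue
        for pattern in HOMEPAGE_LINES:
            match = pattern.match(line)
            if not match:
                continue
            # Firefox stores several home pages separated by "|".
            for url in match["value"].split("|"):
                host = host_of(url)
                if host and host not in allowed_hosts:
                    findings.append(Finding("homepage", host, line))
            break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, ALLOWED_HOSTS):
        print(f"{f.kind:8} {f.detail}")
```

A flagged start page is only a question for the owner, as in the reply above; the script does not decide whether the page was set deliberately.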

Re: Trojan horse +

Post by nunci » 26 Jul 2009 12:32

Hi, so I did everything according to the instructions... but still nothing has changed... the computer is faster, but it still cuts off the internet, pops up pages, and stutters for a few seconds when playing songs... Is there any other procedure available for removal? Please

Re: Trojan horse +

Post by jaro3 » 26 Jul 2009 13:38

Run a scan and post the log from Kaspersky Online Scanner here!

- On Vista you must open the browser as administrator. To use the scanner, the program files and the database have to be downloaded and installed.
- On Linux the scanner does not scan RAM, the boot sector or the MBR, so it cannot detect infections in those places.
- The scanner detects infections that are already on the PC, so they can then be deleted manually.
- Before the scan it is advisable to turn off the resident protection of the antivirus and antispyware.
Click Accept to confirm the terms.
If a Java security window appears, choose to accept.
- The database and the program will start downloading.
- When it finishes, click My Computer under Scan on the left.
The scan of your PC will start.
The scan can take several hours. When the scan finishes, click Scan Report.
Then choose Save and name it: KAV.
Please copy the contents here for me.

After that, also try defragmenting the HDD.

Re: Trojan horse +

Post by nunci » 26 Jul 2009 18:10

Hi... so here is the content from the Kaspersky online scanner:

Sunday, July 26, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 26, 2009 13:57:03
Records in database: 2547536
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 85913
Threat name 3
Infected objects 6
Suspicious objects 0
Duration of the scan 01:29:47

File name Threat name Threats count
C:\Documents and Settings\Administrator\Desktop\Pitbull - I Know You Want Me _(Calle Ocho) (Hiphop-torrent).zip Infected: Trojan-Downloader.Win32.VB.mcm 1
C:\Qoobox\Quarantine\C\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll.vir Infected: Trojan-Downloader.Win32.Agent.cikx 1
C:\System Volume Information\_restore{B62DABB2-B8DF-4436-BAD8-54170ACBF0E1}\RP389\A0103190.exe Infected: Trojan-Downloader.Win32.VB.mcm 1
C:\System Volume Information\_restore{B62DABB2-B8DF-4436-BAD8-54170ACBF0E1}\RP407\A0109893.dll Infected: Trojan-Downloader.Win32.Agent.cikx 1
E:\instalačky\DSPlayer_v0.888_free.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 2
The selected area was scanned.

Re: Trojan horse +

Post by jaro3 » 26 Jul 2009 18:25

Find and delete:
C:\Documents and Settings\Administrator\Desktop\Pitbull - I Know You Want Me _(Calle Ocho) (Hiphop-torrent).zip
E:\instalačky\DSPlayer_v0.888_free.exe

Did you do the defragmentation?
It might be worth checking the HDD and RAM with Memtest.

Did you uninstall ComboFix??

Find and delete:
C:\327882R2FWJFW
C:\ComboFix
C:\qoobox