MyCity » Ambulanta -> Arhiva Ambulante » Kompjuter se zamrzava i sporije radi

Kompjuter se zamrzava i sporije radi

Napisano na dan: 3.12.2009

Kompjuter se zamrzava i sporije radi

Sledeća strana

Pagination

Odgovori

maki170582 Poslao: 03 Dec 2009 16:07 Idi na vrh
offline maki170582 Građanin Pridružio: 11 Avg 2008 Poruke: 65 Gde živiš: Vancouver	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Sve je pocelo pre 7 dana. Posle minut dva nakon dizanja sistema komp se totalno ukoci i nereaguje ni tastatura a ni mis. Pre nego se kom ukoci video sam dva cna prozora u kojima pri vrhu pise nesto 131.exe i 165.exe..... . Pokusao sam resiti problem ciscenjem kompjutera pomocu AVIRA anti virusa i takodje iskljucivanjem nekih service komponenti za koje sam na ovom forumu procitao da se mogu iskljuciti kako bi se poboljsao rad kompjutera.. -moj komp- AMD Sempron(tm) Procesor 2800+ 1.61 GHz, 512MB ram service pack 2 32 bit windows, internet konekcija -3MB(flat protok) Kad sam se obratio za pomoc ljudi sa ovog foruma su mi rekli da probam sa system restore(koji mi nije pomogao) i nakon toga da upotrebim start=run=msconfig gde su me savetovali da ostavim ukljucenjo samo cftmon i avgnt. Nakon restarta komp je poceo raditi a posle toga su mi savetovali da otvorim ovde temu i okacim log file, stocu sada i upravo uraditi. Hvala unapred.... DDS (Ver_09-12-01.01) - NTFSx86 Run by test at 15:51:25.98 on Thu 12/03/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.204 [GMT 1:00] AV: AntiVir Desktop On-access scanning enabled (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Opera\opera.exe C:\Documents and Settings\test\Desktop\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\bndmss.exe,c:\docume~1\test\locals~1\temp\504.exe,c:\docume~1\test\locals~1\temp\012.exe,c:\docume~1\test\locals~1\temp\124.exe,c:\docume~1\test\locals~1\temp\990.exe,c:\docume~1\test\locals~1\temp\131.exe,c:\docume~1\test\locals~1\temp\165.exe,c:\docume~1\test\locals~1\temp\188.exe,c:\docume~1\test\locals~1\temp\084.exe,c:\docume~1\test\locals~1\temp\561.exe,c:\docume~1\test\locals~1\temp\382.exe,c:\docume~1\test\locals~1\temp\336.exe,c:\docume~1\test\locals~1\temp\899.exe,c:\docume~1\test\locals~1\temp\705.exe,c:\docume~1\test\locals~1\temp\849.exe,c:\docume~1\test\locals~1\temp\174.exe,c:\docume~1\test\locals~1\temp\921.exe,c:\docume~1\test\locals~1\temp\383.exe,c:\docume~1\test\locals~1\temp\595.exe,c:\docume~1\test\locals~1\temp\318.exe,c:\docume~1\test\locals~1\temp\620.exe,c:\docume~1\test\locals~1\temp\609.exe,c:\docume~1\test\locals~1\temp\143.exe,c:\docume~1\test\locals~1\temp\185.exe,c:\docume~1\test\locals~1\temp\882.exe,c:\docume~1\test\locals~1\temp\608.exe,c:\docume~1\test\locals~1\temp\086.exe,c:\docume~1\test\locals~1\temp\706.exe,c:\docume~1\test\locals~1\temp\006.exe mWinlogon: Taskman=c:\recycler\s-1-5-21-8045350982-5147004248-118129150-7852\winmap32.exe uWinlogon: Shell=c:\recycler\s-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe,c:\recycler\s-1-5-21-8045350982-5147004248-118129150-7852\winmap32.exe,explorer.exe,c:\recycler\s-1-5-21-9922979718-4814673928-996242426-5111\winmap32.exe BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Hotbar: {90b8b761-df2b-48ac-bbe0-bcc03a819b3b} - c:\program files\hotbar\bin\11.0.78.0\HostIE.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Hotbar: {90b8b761-df2b-48ac-bbe0-bcc03a819b3b} - c:\program files\hotbar\bin\11.0.78.0\HostIE.dll EB: Hotbar Information Window: {2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} - c:\program files\hotbar\bin\11.0.78.0\HostIE.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" uRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t mRun: [svckhost.exe] c:\windows\system32\svckhost.exe mRun: [scvkhost.exe] c:\windows\system32\scvkhost.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min dRun: [Windows Network Data Management System Service] "c:\windows\system32\bndmss.exe" * IE: E&xport to Microsoft Excel - c:\progra~1\mi699f~1\office10\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: c:\program files\avira\antivir desktop\avsda.dll DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL SEH: hook dll rising: {bb4c402f-882a-4526-8c08-51278ea437c1} - c:\windows\system32\e8main1.dll mASetup: {6CC1F8BF-EA0B-1997-6CCB-7DC1BB14BC1F} - c:\windows\system32\scvkhost.exe mASetup: {FC81A98F-9675-1900-11CE-21D45813F426} - c:\windows\system32\svckhost.exe ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-26 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-26 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-26 185089] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-11-26 434945] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-18 55656] S2 BNDMSS;Windows Network Data Management System Service;c:\windows\system32\bndmss.exe --> c:\windows\system32\bndmss.exe [?] S2 gupdate1c9dee19208e8a;Google Update Service (gupdate1c9dee19208e8a);c:\program files\google\update\GoogleUpdate.exe [2009-5-27 133104] S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-8-17 18688] S3 FXDRV;FXDRV;\??\g:\fxdrv.sys --> g:\Fxdrv.sys [?] S4 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-11-26 194817] =============== Created Last 30 ================ 2009-12-03 14:41:00 376 ----a-w- c:\windows\ODBC.INI 2009-12-03 14:39:21 0 d-----w- c:\program files\Microsoft Office 2003 2009-12-02 21:38:07 0 d-----w- c:\program files\MagicISO 2009-12-02 15:12:10 0 d-----w- c:\windows\pss 2009-11-25 15:22:54 0 d-----w- c:\windows\system32\wbem\Repository 2009-11-21 16:38:52 0 d-----w- c:\program files\Internet Download Manager 2009-11-21 16:15:05 204 ----a-w- c:\windows\system32\secustat.dat 2009-11-21 15:58:19 8509 ----a-w- c:\windows\system32\secushr.dat 2009-11-21 15:53:42 25 ----a-w- c:\windows\libem.INI 2009-11-21 15:53:35 0 d-----w- c:\docume~1\test\applic~1\BITS 2009-11-21 15:53:30 0 d-----w- c:\docume~1\test\applic~1\FlashGetBHO 2009-11-21 15:53:29 0 d-----w- c:\program files\FlashGet Network 2009-11-19 16:09:17 0 d-----w- c:\docume~1\test\applic~1\IDM 2009-11-18 21:36:25 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-18 21:36:21 0 d-----w- c:\program files\Avira 2009-11-18 21:36:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira 2009-11-18 18:27:35 0 d-sh--r- c:\windows\system32\schvkost 2009-11-18 18:27:25 167936 ----a-w- c:\docume~1\test\applic~1\cu.exe 2009-11-18 18:26:04 90112 ----a-w- c:\windows\system32\svckhost.2.exe ==================== Find3M ==================== ============= FINISH: 15:51:45.71 =============== mycity.rs/must-login.png

Profil

helen1 Poslao: 03 Dec 2009 16:11 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

maki170582 Poslao: 05 Dec 2009 19:04 Idi na vrh
offline maki170582 Građanin Pridružio: 11 Avg 2008 Poruke: 65 Gde živiš: Vancouver	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-12-04.05 - test 12/05/2009 18:50.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.282 [GMT 1:00] Running from: c:\documents and settings\test\Desktop\ComboFix.exe AV: AntiVir Desktop On-access scanning disabled (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf c:\docume~1\test\LOCALS~1\Temp\cvasds0.dll c:\documents and settings\Administrator\Application Data\bcrypt.html c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 c:\documents and settings\test\Application Data\bcrypt.html c:\documents and settings\test\Application Data\BITS c:\documents and settings\test\Application Data\BITS\BITS.ini c:\documents and settings\test\Application Data\BITS\DHTTable.dat c:\documents and settings\test\Application Data\BITS\pl.dat c:\documents and settings\test\Application Data\BITS\ProxyList.ini c:\documents and settings\test\Application Data\BITS\UPnP.ini c:\documents and settings\test\Application Data\FlashGetBHO c:\documents and settings\test\Application Data\FlashGetBHO\FlashGetBHO3.dll c:\documents and settings\test\Application Data\FlashGetBHO\GetAllUrl.htm c:\documents and settings\test\Application Data\FlashGetBHO\GetUrl.htm c:\documents and settings\test\Application Data\Hotbar c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\1.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\1056052.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\1063425.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\1067187.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\1211545.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\1405661.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\1423085.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\2074658.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\2208948.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\2269969.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\2487932.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\2603649.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\2731686.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\2791350.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\287322.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\287969.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\319435.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\3251993.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\3271803.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\3340762.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\3404705.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\3730773.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\3852296.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\3865128.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\3866731.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\600583.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\625696.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\806451.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\890068.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\914813.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\962412.sdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\domains.txt c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\1000066886 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\104622 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\13608 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\173081 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\191116 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\194105 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\197078 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\198406 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\218712 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\218859 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\22254 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\230333 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\24098 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\243256 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\24996 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\251440 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\252531 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\26656 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\278975 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\29115 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\29297 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\308876 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\32122 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\336286 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\34123 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\342421 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\35047 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\360144 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\37628 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\38868 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\389687 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\40256 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\41526 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\41588 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\41980 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\42208 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\43979 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\44228 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\44306 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\449274 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\449624 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\45833 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\466728 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\471072 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\516754 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\532492 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\54473 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\567442 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\585345 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\61779 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\61837 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\64441 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\64495 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\66836 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\68040 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\72123 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\73197 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\737665 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\73775 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\743412 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\744930 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\745165 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\745170 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\750700 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\753042 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\753333 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\753576 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\753590 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\753619 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\753634 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\753635 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\82403 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\82646 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\85193 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\87995 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\89658 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\90603 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\92930 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\93535 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\93899 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\94789 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\98229 c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\dynamic\ustat\38e6.dat c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\ads.cdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\btntrans.idx c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\btntrans1.dat c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\business_promo.htm c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\buttondir.txt c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\components.cdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\cursors.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_1000.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_2000.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_3000.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_bar.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_bbar1.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_logos.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_buttons_other.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\d_icons_weather.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\default.cdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_511745-514279.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz1.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz10.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz11.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz12.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz13.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz14.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz15.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz16.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz17.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz18.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz19.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz2.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz20.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz3.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz4.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz5.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz6.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz7.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz8.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_bidz9.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_categorize.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_comparison.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_explorer-Mails.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_explorer-people.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_favorites.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Games.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Hide.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_hotbarcom.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Hotmail.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_hsskin.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jemster.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jemsterie.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jemsteruk.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_jobsearch.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_Mails.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_new.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_premium.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_reun.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_ringtones.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_SearchBoxTrapper.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_searchfor.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_searchgo.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_weather.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Default_yellowpages.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\editblbuttons.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\email-def-511724-548964.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\email-def-511724-9595.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\email-t1-bg.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\gamesmenu.cdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\gamesMenu.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\hb_ie_menu.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\hotbar-premium.cdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\hotbar_promo.htm c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\icons2.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\ie_games_icon.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\ie_video.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\keywords.idx c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\keywords1.dat c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\layout.cdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\linkpathlegal.txt c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\more.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\new_games.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\progress.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\s_icons_buttons.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\sales_buttons.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\sdfmodifier.xml c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\t2_bg.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\theweb.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\top7.cdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\Top7_theweb.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\tsd_bg.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\1\weathericon.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\ads.cdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\btntrans.idx c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\btntrans1.dat c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\business_promo.htm c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\buttondir.txt c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\components.cdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\cursors.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_1000.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_2000.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_3000.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_bar.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_bbar1.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_logos.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_other.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_weather.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\default.cdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_511745-514279.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz1.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz10.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz11.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz12.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz13.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz14.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz15.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz16.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz17.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz18.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz19.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz2.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz20.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz3.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz4.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz5.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz6.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz7.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz8.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz9.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_categorize.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_comparison.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_explorer-Mails.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_explorer-people.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_favorites.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Games.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Hide.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_hotbarcom.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Hotmail.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_hsskin.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemster.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemsterie.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemsteruk.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jobsearch.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Mails.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_new.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_premium.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_reun.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_ringtones.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_SearchBoxTrapper.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_searchfor.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_searchgo.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_weather.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_yellowpages.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\editblbuttons.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\email-def-511724-548964.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\email-def-511724-9595.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\email-t1-bg.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\gamesmenu.cdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\gamesMenu.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\hb_ie_menu.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar-premium.cdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar_promo.htm c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\icons2.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\ie_games_icon.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\ie_video.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\keywords.idx c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\keywords1.dat c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\layout.cdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\linkpathlegal.txt c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\more.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\new_games.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\progress.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\s_icons_buttons.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\sales_buttons.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\sdfmodifier.xml c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\t2_bg.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\theweb.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\top7.cdf c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\Top7_theweb.mnu c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\tsd_bg.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\2\weathericon.res c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ads.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans1.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\business_promo.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\buttondir.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\cursors.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_1000.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_2000.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_3000.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bar.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_logos.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_other.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_weather.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\default.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\editblbuttons.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\email-t1-bg.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\gamesmenu.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hb_ie_menu.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar-premium.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar_promo.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\icons2.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_games_icon.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_video.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords1.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\layout.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\linkpathlegal.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\more.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\progress.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\s_icons_buttons.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sales_buttons.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.txt c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sdfmodifier.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\t2_bg.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\top7.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\tsd_bg.xip c:\documents and settings\test\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\weathericon.xip c:\documents and settings\test\Application Data\Hotbar\Weather\Weather_XML\General c:\documents and settings\test\Application Data\Hotbar\Weather\WeatherStartup.xml c:\documents and settings\test\Application Data\WeatherDPA c:\program files\ATI Technologies\ATI.ACE\atIAcmxx.dll c:\program files\FlashGet Network c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg c:\program files\FlashGet Network\FlashGet 3\dat\directui\1.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\1.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\2.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\3.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\btn1.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\btn2.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\cig.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\cig1.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_0_6.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_0_9.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_1_2.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_2_2.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_4325355.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_432555.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon01.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon02.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon03.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon04.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_WuBiaoTi-2_1.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_WuBiaoTi-2_2.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\dian.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\directui_new_1258686045.zip c:\program files\FlashGet Network\FlashGet 3\dat\directui\down.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\game.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\game.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\game1.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\gameall.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\gametop.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\ico01.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\ico02.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\line.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\movie.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\movie1.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\new_rescenter.txt c:\program files\FlashGet Network\FlashGet 3\dat\directui\newgame.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\newmovie.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\p1.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\p2.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\p3.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\p4.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\p5.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\p6.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\p7.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\p8.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\pic_bg.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\preview.gif c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg1 c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft_zhan.jpg c:\program files\FlashGet Network\FlashGet 3\dat\directui\tab.gif c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\adconfig.ini c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini c:\program files\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.dat c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0851 c:\recycler\S-1-5-21-0243556031-888888379-781863308-1455 c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1859 c:\recycler\S-1-5-21-0911359125-0844104622-321749537-3242 c:\recycler\S-1-5-21-4460394967-5735447931-949830381-5488 c:\recycler\S-1-5-21-5168759672-9505675121-591647240-9367 c:\recycler\S-1-5-21-5174907113-3993642724-706541195-9781 c:\recycler\S-1-5-21-8045350982-5147004248-118129150-7852 c:\recycler\S-1-5-21-8518187754-2079845180-833174917-9864 c:\recycler\S-1-5-21-9282820841-3774762154-101373028-6952 c:\recycler\S-1-5-21-9651298570-0876867272-000284598-6720 c:\recycler\S-1-5-21-9922979718-4814673928-996242426-5111 c:\windows\AhnRpta.exe c:\windows\system32\secustat.dat D:\autorun.inf E:\autorun.inf F:\autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BNDMSS -------\Service_AVPsys -------\Service_BNDMSS ((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 ))))))))))))))))))))))))))))))) . 2009-12-03 14:39 . 2009-12-03 14:45 -------- d-----w- c:\program files\Microsoft Office 2003 2009-12-03 14:34 . 2009-12-03 14:34 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\PCHealth 2009-12-02 21:38 . 2009-12-02 21:39 -------- d-----w- c:\program files\MagicISO 2009-11-26 14:07 . 2009-11-26 14:03 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-26 14:07 . 2009-11-26 14:03 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-26 14:07 . 2009-11-26 14:03 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-25 15:22 . 2009-11-25 15:22 -------- d-----w- c:\windows\system32\wbem\Repository 2009-11-21 16:38 . 2009-11-21 16:41 -------- d-----w- c:\program files\Internet Download Manager 2009-11-21 15:58 . 2009-11-21 16:13 8509 ----a-w- c:\windows\system32\secushr.dat 2009-11-19 16:09 . 2009-11-19 16:09 -------- d-----w- c:\documents and settings\test\Application Data\IDM 2009-11-18 21:36 . 2009-11-26 14:03 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-18 21:36 . 2009-11-26 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-11-18 21:36 . 2009-11-18 21:36 -------- d-----w- c:\program files\Avira 2009-11-18 18:27 . 2009-11-18 18:28 -------- d-sh--r- c:\windows\system32\schvkost 2009-11-18 18:27 . 2009-11-18 18:27 167936 ----a-w- c:\documents and settings\test\Application Data\cu.exe 2009-11-18 18:26 . 2009-11-18 18:26 90112 ----a-w- c:\windows\system32\svckhost.2.exe 2009-11-10 23:28 . 2009-11-10 23:28 247280 ----a-w- c:\documents and settings\test\Application Data\Mozilla\plugins\npgoogletalk.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-05 17:45 . 2009-03-29 20:26 -------- d-----w- c:\documents and settings\test\Application Data\uTorrent 2009-12-05 06:39 . 2009-03-29 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-12-03 19:31 . 2009-03-29 15:45 78904 ----a-w- c:\documents and settings\test\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-28 20:05 . 2009-03-29 16:36 -------- d-----w- c:\documents and settings\test\Application Data\Skype 2009-11-28 15:51 . 2009-03-30 15:24 10 ----a-w- c:\windows\popcinfo.dat 2009-11-28 15:17 . 2009-03-29 16:38 -------- d-----w- c:\documents and settings\test\Application Data\skypePM 2009-11-21 17:57 . 2009-08-24 20:39 -------- d-----w- c:\documents and settings\test\Application Data\LimeWire 2009-11-21 16:41 . 2009-03-29 18:23 -------- d-----w- c:\documents and settings\test\Application Data\DMCache 2009-11-18 21:19 . 2009-09-30 11:29 -------- d-----w- c:\program files\DivX 2009-10-07 10:55 . 2009-05-06 20:54 -------- d-----w- c:\program files\AMT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-03-29 270128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-11-26 209153] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Opera\\opera.exe"= "$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/29/2009 10:32 PM 682232] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/26/2009 3:07 PM 108289] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [11/26/2009 3:07 PM 434945] S2 gupdate1c9dee19208e8a;Google Update Service (gupdate1c9dee19208e8a);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2009 4:37 PM 133104] S3 FXDRV;FXDRV;\??\g:\fxdrv.sys --> g:\Fxdrv.sys [?] S4 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [11/26/2009 3:07 PM 194817] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6CC1F8BF-EA0B-1997-6CCB-7DC1BB14BC1F}] c:\windows\system32\scvkhost.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC81A98F-9675-1900-11CE-21D45813F426}] c:\windows\system32\svckhost.exe . Contents of the 'Scheduled Tasks' folder 2009-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 15:37] 2009-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 15:37] 2009-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1801674531-1003Core.job - c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 19:31] 2009-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1801674531-1003UA.job - c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 19:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MI699F~1\Office10\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll . - - - - ORPHANS REMOVED - - - - HKLM-Run-svckhost.exe - c:\windows\system32\svckhost.exe HKLM-Run-scvkhost.exe - c:\windows\system32\scvkhost.exe HKU-Default-Run-Windows Network Data Management System Service - c:\windows\system32\bndmss.exe AddRemove-NVIDIA Drivers - c:\windows\system32\nvunrm.exe UninstallGUI AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-12-05 18:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run svckhost.exe = c:\windows\system32\svckhost.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scvkhost.exe = c:\windows\system32\scvkhost.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x825D81E8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf86a9fc3 \Driver\ACPI -> ACPI.sys @ 0xf843ccb8 \Driver\atapi -> 0x825d81e8 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44 ParseProcedure -> ntkrnlpa.exe @ 0x80576964 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44 ParseProcedure -> ntkrnlpa.exe @ 0x80576964 NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf82dbba0 PacketIndicateHandler -> NDIS.sys @ 0xf82e8b21 SendHandler -> NDIS.sys @ 0xf82c687b Warning: possible MBR rootkit infection ! user & kernel MBR OK ********************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{56d3df43-34d8-483c-8ecd-a6fe3ba4b11b}] @Denied: (Full) (Everyone) "Model"=dword:00000092 "Therad"=dword:00000001 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d, df,1c,2f,3b,8a,0a,32,11,89,01,b5,d4,ad,be,af,c7,ac,81,43,42,df,67,86,56,7b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):83,d9,4b,20,00,7f,47,58,72,2d,f3,33,1d,a0,51,29,70,e9,92,38,0d, 30,3a,9a,94,b8,fb,b9,07,7e,24,a1,6a,ff,62,20,7d,1a,49,19,00,00,00,00,00,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(716) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(772) c:\program files\Avira\AntiVir Desktop\avsda.dll - - - - - - - > 'explorer.exe'(2772) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\Ati2evxx.exe c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe . ************************************************************************ . Completion time: 2009-12-05 19:01 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-05 18:01 Pre-Run: 2,466,238,464 bytes free Post-Run: 3,631,005,696 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 99B0E7FB2FDB3918068C80D332556EC2

Profil

helen1 Poslao: 05 Dec 2009 19:20 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `Folder:: c:\windows\system32\schvkost File:: c:\documents and settings\test\Application Data\cu.exe c:\windows\system32\svckhost.2.exe c:\windows\system32\scvkhost.exe c:\windows\system32\svckhost.exe Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6CC1F8BF-EA0B-1997-6CCB-7DC1BB14BC1F}] [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC81A98F-9675-1900-11CE-21D45813F426}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

maki170582 Poslao: 06 Dec 2009 16:51 Idi na vrh
offline maki170582 Građanin Pridružio: 11 Avg 2008 Poruke: 65 Gde živiš: Vancouver	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Helen1 Hvala ti puno!!! ComboFix 09-12-05.06 - test 12/06/2009 16:40.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.273 [GMT 1:00] Running from: c:\documents and settings\test\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\test\Desktop\CFScript.txt AV: AntiVir Desktop On-access scanning disabled (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE} FILE :: "c:\documents and settings\test\Application Data\cu.exe" "c:\windows\system32\scvkhost.exe" "c:\windows\system32\svckhost.2.exe" "c:\windows\system32\svckhost.exe" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\test\Application Data\cu.exe c:\windows\system32\schvkost c:\windows\system32\schvkost\logs.dat c:\windows\system32\schvkost\plugin.dat c:\windows\system32\schvkost\schvkost.exe c:\windows\system32\svckhost.2.exe . ((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 ))))))))))))))))))))))))))))))) . 2009-12-06 15:37 . 2009-12-06 15:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp 2009-12-03 14:39 . 2009-12-03 14:45 -------- d-----w- c:\program files\Microsoft Office 2003 2009-12-03 14:34 . 2009-12-03 14:34 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\PCHealth 2009-12-02 21:38 . 2009-12-02 21:39 -------- d-----w- c:\program files\MagicISO 2009-11-26 14:07 . 2009-11-26 14:03 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-26 14:07 . 2009-11-26 14:03 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-26 14:07 . 2009-11-26 14:03 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-25 15:22 . 2009-11-25 15:22 -------- d-----w- c:\windows\system32\wbem\Repository 2009-11-21 16:38 . 2009-11-21 16:41 -------- d-----w- c:\program files\Internet Download Manager 2009-11-21 15:58 . 2009-11-21 16:13 8509 ----a-w- c:\windows\system32\secushr.dat 2009-11-19 16:09 . 2009-11-19 16:09 -------- d-----w- c:\documents and settings\test\Application Data\IDM 2009-11-18 21:36 . 2009-11-26 14:03 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-18 21:36 . 2009-11-26 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-11-18 21:36 . 2009-11-18 21:36 -------- d-----w- c:\program files\Avira 2009-11-10 23:28 . 2009-11-10 23:28 247280 ----a-w- c:\documents and settings\test\Application Data\Mozilla\plugins\npgoogletalk.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-06 15:43 . 2009-03-29 21:27 -------- d-----w- c:\program files\Google 2009-12-06 15:35 . 2009-03-29 20:26 -------- d-----w- c:\documents and settings\test\Application Data\uTorrent 2009-12-05 20:12 . 2009-03-29 16:36 -------- d-----w- c:\documents and settings\test\Application Data\Skype 2009-12-05 19:12 . 2009-03-29 16:38 -------- d-----w- c:\documents and settings\test\Application Data\skypePM 2009-12-05 06:39 . 2009-03-29 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-12-03 19:31 . 2009-03-29 15:45 78904 ----a-w- c:\documents and settings\test\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-28 15:51 . 2009-03-30 15:24 10 ----a-w- c:\windows\popcinfo.dat 2009-11-21 17:57 . 2009-08-24 20:39 -------- d-----w- c:\documents and settings\test\Application Data\LimeWire 2009-11-21 16:41 . 2009-03-29 18:23 -------- d-----w- c:\documents and settings\test\Application Data\DMCache 2009-11-18 21:19 . 2009-09-30 11:29 -------- d-----w- c:\program files\DivX . ((((((((((((((((((((((((((((( SnapShot@2009-12-05_17.58.23 ))))))))))))))))))))))))))))))))))))))))) . + 2009-12-06 15:37 . 2009-12-06 15:37 16384 c:\windows\Temp\Perflib_Perfdata_210.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-03-29 270128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-11-26 209153] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Opera\\opera.exe"= "$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/26/2009 3:07 PM 108289] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [11/26/2009 3:07 PM 434945] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/29/2009 10:32 PM 682232] S2 gupdate1c9dee19208e8a;Google Update Service (gupdate1c9dee19208e8a);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2009 4:37 PM 133104] S3 FXDRV;FXDRV;\??\g:\fxdrv.sys --> g:\Fxdrv.sys [?] S4 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [11/26/2009 3:07 PM 194817] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MI699F~1\Office10\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-12-06 16:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{56d3df43-34d8-483c-8ecd-a6fe3ba4b11b}] @Denied: (Full) (Everyone) "Model"=dword:00000092 "Therad"=dword:00000001 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d, df,1c,2f,3b,8a,0a,32,11,89,01,b5,d4,ad,be,af,c7,ac,81,43,42,df,67,86,56,7b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):83,d9,4b,20,00,7f,47,58,72,2d,f3,33,1d,a0,51,29,70,e9,92,38,0d, 30,3a,9a,94,b8,fb,b9,07,7e,24,a1,6a,ff,62,20,7d,1a,49,19,00,00,00,00,00,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(656) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(712) c:\program files\Avira\AntiVir Desktop\avsda.dll . Completion time: 2009-12-06 16:48 ComboFix-quarantined-files.txt 2009-12-06 15:48 ComboFix2.txt 2009-12-05 18:01 Pre-Run: 3,569,901,568 bytes free Post-Run: 3,541,471,232 bytes free - - End Of File - - F637531EC5337526C06CD14B09E02BB0

Profil

helen1 Poslao: 06 Dec 2009 17:03 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sad stanje?

Profil

maki170582 Poslao: 07 Dec 2009 07:30 Idi na vrh
offline maki170582 Građanin Pridružio: 11 Avg 2008 Poruke: 65 Gde živiš: Vancouver	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pa za sada radi kao sat!! Hvala ti helen1...... pozdrav!!!!!!!!!

Profil

helen1 Poslao: 07 Dec 2009 13:56 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Pozzz

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Kompjuter se zamrzava i sporije radi

Ko je trenutno na forumu

Ukupno su 688 korisnika na forumu :: 1 registrovan, 0 sakrivenih i 687 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Nikola70

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by