Computer freezing, right mouse click..........

 
Written on: 2.2.2010
Posted: 02 Feb 2010 00:29
zborce
Tourist

Joined: 30 Dec 2009
Posts: 24


Hello!
Step 1.
a) The computer locks up like this: I right-click on any document
and the computer "freezes", the hourglass starts spinning
and no function is available to me any more. After that
I can only restart it manually.
b) The problem started showing up about a month ago, and
lately more and more often.
c) I have not noticed the security software being unable to
remove anything. Avast v.4.8 detected a lot of infected files;
they were moved to the "chest" and then deleted.
d) I tried to solve the problem by scanning the PC with the antivirus
program Avast v.4.8 and with Comodo Registry Cleaner, and by deleting
the files it found; of course I turned off the
In-depth Search option and did not delete files from unsafe.
e) I use the internet via SBB, FlatHome 1.5 Mb/s.
f) That would be all for now.


DDS (Ver_09-12-01.01) - NTFSx86
Run by JA at 19:26:38,85 on pon 01.02.2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.1023.581 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 100201-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = ${URL_SEARCHPAGE}
mSearch Page = ${URL_SEARCHPAGE}
mStart Page = hxxp://search.myheritage.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\internet saving optimizer\3.8.1.4690\NPIEAddOn.dll
{69b3a375-4487-419f-b941-dec90330f93f}
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
{758f6d53-dcc7-4ccf-9080-4b6f9389f641}
BHO: Windows Live pomagač za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - Ask Search Assistant BHO
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - Ask Toolbar BHO
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: JuicyAccess Toolbar: {5617eca9-488d-4ba2-8562-9710b9ab78d2} - c:\program files\doubled\juicyaccess toolbar\4.2.7.25320\stb0.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} -
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\tipcam.lnk - c:\program files\utipu\tipc.exe
IE: Download All by FlashGet - c:\progra~1\flashget\jc_all.htm
IE: Download using FlashGet - c:\progra~1\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: kombank.com\ebankweb
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: iifgDsRk - iifgDsRk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
{758f6d53-dcc7-4ccf-9080-4b6f9389f641}
LSA: Authentication Packages = msv1_0 c:\windows\system32\opnnmNeb

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-8 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-8 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-9-8 138680]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-16 54752]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-9-8 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-9-8 352920]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2009-12-26 4096]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-10-30 31896]
S2 QueryService Service;QueryService Service;c:\documents and settings\all users\application data\queryservice\queryservice127.exe [2009-11-13 58744]
S3 ATICDSDr;ATICDSDr;\??\d:\driver\xp\bin\atiicdxx.sys --> d:\driver\xp\bin\atiicdxx.sys [?]
S3 fsssvc;Usluga Windows Live Porodična bezbednost;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 TipCtrl;TipCtrl;"c:\program files\utipu\tipctrl.exe" --> c:\program files\utipu\TipCtrl.exe [?]

=============== Created Last 30 ================

2010-01-31 21:00:04 0 d-----w- c:\program files\FastStone Image Viewer
2010-01-28 19:58:24 0 d-----w- c:\docume~1\admini~1\applic~1\OpenWith.org Downloaded Setups
2010-01-28 19:38:02 0 d-----w- c:\docume~1\admini~1\applic~1\OpenWith.org Cache
2010-01-28 14:52:00 0 d-----w- c:\docume~1\admini~1\applic~1\licenses
2010-01-28 14:51:56 0 d-----w- c:\docume~1\admini~1\applic~1\PCMM2009
2010-01-28 08:13:06 0 d-----w- c:\docume~1\admini~1\applic~1\Transcend
2010-01-22 17:46:38 0 d-----w- c:\windows\system32\NtmsData
2010-01-20 14:31:04 131 ----a-w- c:\windows\CRC.INI
2010-01-20 14:28:52 0 d-----w- c:\program files\COMODO
2010-01-11 14:26:53 0 d-----w- c:\windows\Applian Director
2010-01-11 14:25:53 0 d-----w- c:\windows\Replay Video Capture
2010-01-11 14:25:53 0 d-----w- c:\program files\Replay Video Capture
2010-01-02 19:24:58 0 d-----w- c:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2010-01-01 15:51:56 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-01-01 15:51:56 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-01-01 15:51:52 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-12-26 17:30:19 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-12-26 17:30:19 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-12-26 17:30:19 30720 ----a-w- c:\windows\system32\bbcap.dll
2009-11-21 08:46:32 86016 ----a-w- c:\windows\system32\frapsvid.dll
2007-12-14 22:15:32 56 --sh--r- c:\windows\system32\9888404A9D.sys
2008-10-24 19:29:51 298723 --sha-w- c:\windows\system32\beNmnnpo.ini2
2008-12-02 09:35:36 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 19:26:50,26 ===============

http://www.mycity.rs/uploads2/180398_1016183904_Attach.txt
http://www.mycity.rs/uploads2/180398_166718985_Gmer1.log
http://www.mycity.rs/uploads2/180398_1321322822_Gmer2.log
http://www.mycity.rs/uploads2/180398_1134092471_Gmer3.txt

Posted: 02 Feb 2010 01:16
Bogdan-Tc
Anti Malware Fighter
Rank 1

Joined: 04 Jan 2009
Posts: 1829


Hello.

Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer

When the download has finished:
  1. deactivate your security software (instructions);
  2. close all running programs;
  3. double-click to start ComboFix.

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
    • click Yes if you are offered a download of it.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    • click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
    • be sure to accept by clicking Yes and follow the procedure through.
  • show a number of prompts/notifications:
    • accept by clicking Yes or OK.
  • if needed, restart Windows (several times);
  • at the end of the run, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
  1. right-click in the Notepad window and choose Select All;
  2. right-click on the selected text and choose Copy;
  3. right-click in the message field and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

Posted: 02 Feb 2010 20:53
zborce
Tourist

Joined: 30 Dec 2009
Posts: 24


----------- Written: 02 Feb 2010 14:34 ---------

Right-clicking the mouse constantly freezes my computer, please be patient. I am trying to get something done in safe mode, though of course not the ComboFix scan.

----------- Addendum: 02 Feb 2010 20:45 ---------

Hello, I have produced the ComboFix scan report. The avast icon next to the clock has disappeared; how do I get it back? I went into the System Configuration Utility and then to the Startup tab, but avast is not there.

----------- Addendum: 02 Feb 2010 20:53 ---------

Here is the ComboFix scan report:

ComboFix 10-02-01.03 - JA 02.02.2010 15:26:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.1023.628 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100202-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\bin\stbup.exe
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Cache\01c9eb2893468d1fba80553d2b75bd30.gif
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Cache\867b44b1158783875052f103c3a2f11a.gif
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Cache\bc83ac54dd36e7479704363c8fbd7e43.gif
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Cache\c14631dd1d688aa0ae8e9c9dd396c653.gif
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Cache\default1.dat
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Cache\loading.dat
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Cache\loading.gif
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\baw.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_DailyVideo.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_Game.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_Logo.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_Option.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_Search.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_Smiley_Config.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_Smiley_TellAFriend.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_Wallpaper.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_Web.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_WebDropdown_01.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_WebDropdown_02.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_WebDropdown_03.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_WebDropdown_04.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_WebDropdown_05.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_WebDropdown_06.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_WebDropdown_07.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_WebDropdown_08.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_WebDropdown_09.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_WebDropdown_10.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_WebDropdown_11.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_WebDropdown_12.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_WebDropdown_13.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\Module_WebDropdown_14.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\pixel.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\ProductInfo.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\profile.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\SearchEngineList.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\tbcore.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\ToolbarLayout.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\UpdateCentre.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\UpdateCentreBk.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\URLDynamic.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Data\URLStatic.mx
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\About.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Component_ComboBox.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_DailyVideo.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_Game.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_Logo.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_Option.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_Search.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_Smiley.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_Wallpaper.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_Web.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_-4.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_-4.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_-5.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_-5.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_01.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_01.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_02.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_02.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_03.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_03.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_04.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_04.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_05.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_05.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_06.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_06.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_07.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_07.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_08.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_08.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_09.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_09.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_10.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_10.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_11.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_11.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_12.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_12.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_13.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_13.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_14.mg
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\Module_WebDropdown_14.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnDefault.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnDisplay.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnDisplay.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnDisplay18.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnDisplay20.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnGlitters.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnGlitters.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnGlitters18.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnGlitters20.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnOption.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnSmiley.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnSmiley.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnSmiley18.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnSmiley20.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnTellFd.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnTellFd.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnTellFd18.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnTellFd20.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnWink.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnWink.png
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnWink18.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Icons\TBBtnWink20.bmp
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Skins\myskin1.skf
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Skins\myskin2.skf
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Skins\myskin3.skf
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Skins\myskin4.skf
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Skins\TellafriendSkin.skf
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Skins\TellafriendSkin_s.skf
c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar\4.2.7.25320\Skins\ToastSkin.skf
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\01c9eb2893468d1fba80553d2b75bd30.gif
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\867b44b1158783875052f103c3a2f11a.gif
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\bc83ac54dd36e7479704363c8fbd7e43.gif
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\c14631dd1d688aa0ae8e9c9dd396c653.gif
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\stb06759.tmp
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.8.1.4690\Data\config.md
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.8.1.4690\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.8.1.4690\NPIEaddon.dll
c:\program files\Internet Saving Optimizer\3.8.1.4690\unins000.dat
c:\program files\Internet Saving Optimizer\3.8.1.4690\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\2.1.0.1170\Data\config.md
c:\program files\Media Access Startup\2.1.0.1170\FF\chrome.manifest
c:\program files\Media Access Startup\2.1.0.1170\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\2.1.0.1170\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\2.1.0.1170\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\2.1.0.1170\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\2.1.0.1170\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\2.1.0.1170\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\2.1.0.1170\FF\install.rdf
c:\program files\Media Access Startup\2.1.0.1170\HPCommon.dll
c:\program files\Media Access Startup\2.1.0.1170\hppx.exe
c:\program files\Media Access Startup\2.1.0.1170\MAHelper.exe
c:\program files\Media Access Startup\2.1.0.1170\unins000.dat
c:\program files\Media Access Startup\2.1.0.1170\unins000.exe
c:\recycler\S-1-5-21-507921405-1004336348-725345543-500
c:\windows\system32\arnweggt.ini
c:\windows\system32\auwgxdmx.ini
c:\windows\system32\beNmnnpo.ini
c:\windows\system32\beNmnnpo.ini2
c:\windows\system32\cioapyvm.ini
c:\windows\system32\etieuvpr.ini
c:\windows\system32\Ijl11.dll
c:\windows\system32\kkqreykb.ini
c:\windows\system32\lhwjppib.ini

.
((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.

2010-01-31 21:00 . 2010-01-31 21:00 -------- d-----w- c:\program files\FastStone Image Viewer
2010-01-28 20:14 . 2008-05-29 06:03 37176 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-28 19:58 . 2010-01-28 19:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenWith.org Downloaded Setups
2010-01-28 19:38 . 2010-01-28 19:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenWith.org Cache
2010-01-28 14:52 . 2010-01-28 14:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\licenses
2010-01-28 14:51 . 2010-01-28 14:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\PCMM2009
2010-01-28 08:13 . 2010-01-28 08:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Transcend
2010-01-22 17:46 . 2010-01-27 09:33 -------- d-----w- c:\windows\system32\NtmsData
2010-01-20 14:28 . 2010-01-20 14:28 -------- d-----w- c:\program files\COMODO
2010-01-11 14:26 . 2010-01-11 14:26 -------- d-----w- c:\windows\Applian Director
2010-01-11 14:25 . 2010-01-11 15:07 -------- d-----w- c:\program files\Replay Video Capture
2010-01-11 14:25 . 2010-01-11 14:25 -------- d-----w- c:\windows\Replay Video Capture
2010-01-08 17:18 . 2010-01-08 17:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 13:18 . 2008-08-16 13:24 -------- d-----w- c:\program files\Capture-A-ScreenShot
2010-02-01 17:48 . 2007-01-29 12:07 -------- d-----w- c:\program files\FlashGet
2010-02-01 12:27 . 2009-05-10 18:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-02-01 11:13 . 2008-05-25 10:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-02-01 11:06 . 2009-05-10 18:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-01-31 14:49 . 2008-09-28 10:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Any Video Converter
2010-01-29 10:22 . 2008-03-03 15:28 -------- d-----w- c:\program files\Google
2010-01-28 20:20 . 2007-01-29 12:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-21 16:26 . 2009-10-28 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-01-20 08:17 . 2009-09-21 12:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1C2F1992-4FF2-41CD-AF9F-DFF55F65212E}
2010-01-10 17:31 . 2009-12-16 17:46 -------- d-----w- c:\program files\TechSmith
2010-01-02 19:31 . 2010-01-02 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-01-02 19:24 . 2010-01-02 19:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-02 18:53 . 2010-01-02 17:03 -------- d-----w- c:\program files\Webcam and Screen Recorder
2010-01-01 15:59 . 2010-01-01 15:32 -------- d-----w- c:\program files\Replay Media Catcher
2010-01-01 15:51 . 2010-01-01 15:38 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-01-01 15:51 . 2010-01-01 15:38 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-01-01 15:51 . 2010-01-01 15:38 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-12-30 19:25 . 2009-12-30 19:25 -------- d-----w- c:\program files\Windows Media Recorder
2009-12-27 11:26 . 2009-12-27 11:06 -------- d-----w- c:\program files\uTIPu
2009-12-26 17:58 . 2009-12-26 17:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Blueberry
2009-12-26 17:30 . 2009-12-26 17:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\LogSys
2009-12-26 17:30 . 2009-12-26 17:30 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-12-26 17:30 . 2009-12-26 17:30 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-12-26 17:30 . 2009-12-26 17:30 30720 ----a-w- c:\windows\system32\bbcap.dll
2009-12-26 17:30 . 2009-12-26 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\LogSys
2009-12-25 14:40 . 2009-12-25 14:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\MP3SkypeRecorder
2009-12-25 14:40 . 2009-12-25 14:40 375162 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1F1C4668-7767-4109-9B5E-19AD056F2CA0}\_62C7126616B954B0A3B534.exe
2009-12-25 14:40 . 2009-12-25 14:40 375162 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1F1C4668-7767-4109-9B5E-19AD056F2CA0}\_0F7A346F42AC9EA04D958A.exe
2009-12-25 14:40 . 2009-12-25 14:40 -------- d-----w- c:\program files\MP3 Skype Recorder
2009-11-27 17:08 . 2009-11-27 17:08 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-27 17:08 . 2009-11-27 17:08 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-24 23:54 . 2008-09-08 13:22 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-09-08 13:22 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-09-08 13:22 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-09-08 13:22 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-09-08 13:22 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-09-08 13:22 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-09-08 13:22 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-09-08 13:22 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-09-08 13:22 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 08:46 . 2009-11-21 08:46 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-12 18:33 . 2009-11-13 13:32 58744 ----a-w- c:\documents and settings\All Users\Application Data\QueryService\queryservice127.exe
2009-11-10 16:07 . 2007-01-29 10:01 71976 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-12-14 22:15 . 2007-12-13 17:02 56 --sh--r- c:\windows\system32\9888404A9D.sys
2008-12-02 09:35 . 2007-12-13 17:02 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2009-01-14 113680]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Snagit 9.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk
backup=c:\windows\pss\Snagit 9.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Dragan\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\????? ??????????\\utorrent-1.8-beta-10364.upx.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\MP3 Skype Recorder\\MP3 Skype Recorder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"= 50000:TCP:EUC Wink

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8.9.2008 14:22 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.9.2008 14:22 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16.9.2009 14:31 54752]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [26.12.2009 18:30 4096]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [30.10.2008 0:05 31896]
S2 QueryService Service;QueryService Service;c:\documents and settings\All Users\Application Data\QueryService\queryservice127.exe [13.11.2009 14:32 58744]
S3 ATICDSDr;ATICDSDr;\??\d:\driver\XP\bin\atiicdxx.sys --> d:\driver\XP\bin\atiicdxx.sys [?]
S3 fsssvc;Usluga Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 21:48 704864]
S3 TipCtrl;TipCtrl;"c:\program files\uTIPu\TipCtrl.exe" --> c:\program files\uTIPu\TipCtrl.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://search.myheritage.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: kombank.com\ebankweb
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
BHO-{69B3A375-4487-419F-B941-DEC90330F93F} - (no file)
BHO-{758F6D53-DCC7-4CCF-9080-4B6F9389F641} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
ShellExecuteHooks-{758F6D53-DCC7-4CCF-9080-4B6F9389F641} - (no file)
Notify-iifgDsRk - iifgDsRk.dll
AddRemove-Feeding Frenzy 2 - c:\games\FEEDIN~1\UNWISE.EXE
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\2.1.0.1170\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 15:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4072)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
.
**************************************************************************
.
Completion time: 2010-02-02 15:35:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-02 14:35

Pre-Run: 25.788.325.888 bytes free
Post-Run: 27.031.519.232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 22CC79DF934F2C08546CAA8E277E8DF6
Posted: 02 Feb 2010 23:05
Bogdan-Tc
Anti Malware Fighter
Rank 1
Joined: 04 Jan 2009
Posts: 1829

Open Notepad and copy the following text:

Code:
Driver::
QueryService Service

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"=-

Folder::
c:\documents and settings\All Users\Application Data\QueryService
C:\Program Files\QueryService


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next post, include the log that is created at the end of the cleaning/scanning.
Posted: 03 Feb 2010 00:58
zborce
Tourist
Joined: 30 Dec 2009
Posts: 24

----------- Written: 03 Feb 2010 0:23 ---------

Here is ComboFix log no. 2, after injecting the CFScript into ComboFix.exe:

ComboFix 10-02-02.02 - JA 03.02.2010 0:10.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.1023.615 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100202-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.

2010-01-31 21:00 . 2010-01-31 21:00 -------- d-----w- c:\program files\FastStone Image Viewer
2010-01-28 20:14 . 2008-05-29 06:03 37176 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-28 19:58 . 2010-01-28 19:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenWith.org Downloaded Setups
2010-01-28 19:38 . 2010-01-28 19:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenWith.org Cache
2010-01-28 14:52 . 2010-01-28 14:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\licenses
2010-01-28 14:51 . 2010-01-28 14:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\PCMM2009
2010-01-28 08:13 . 2010-01-28 08:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Transcend
2010-01-22 17:46 . 2010-01-27 09:33 -------- d-----w- c:\windows\system32\NtmsData
2010-01-20 14:28 . 2010-01-20 14:28 -------- d-----w- c:\program files\COMODO
2010-01-11 14:26 . 2010-01-11 14:26 -------- d-----w- c:\windows\Applian Director
2010-01-11 14:25 . 2010-01-11 15:07 -------- d-----w- c:\program files\Replay Video Capture
2010-01-11 14:25 . 2010-01-11 14:25 -------- d-----w- c:\windows\Replay Video Capture
2010-01-08 17:18 . 2010-01-08 17:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 13:18 . 2008-08-16 13:24 -------- d-----w- c:\program files\Capture-A-ScreenShot
2010-02-01 17:48 . 2007-01-29 12:07 -------- d-----w- c:\program files\FlashGet
2010-02-01 12:27 . 2009-05-10 18:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-02-01 11:13 . 2008-05-25 10:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-02-01 11:06 . 2009-05-10 18:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-01-31 14:49 . 2008-09-28 10:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Any Video Converter
2010-01-29 10:22 . 2008-03-03 15:28 -------- d-----w- c:\program files\Google
2010-01-28 20:20 . 2007-01-29 12:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-21 16:26 . 2009-10-28 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-01-20 08:17 . 2009-09-21 12:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1C2F1992-4FF2-41CD-AF9F-DFF55F65212E}
2010-01-10 17:31 . 2009-12-16 17:46 -------- d-----w- c:\program files\TechSmith
2010-01-02 19:31 . 2010-01-02 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-01-02 19:24 . 2010-01-02 19:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-02 18:53 . 2010-01-02 17:03 -------- d-----w- c:\program files\Webcam and Screen Recorder
2010-01-01 15:59 . 2010-01-01 15:32 -------- d-----w- c:\program files\Replay Media Catcher
2010-01-01 15:51 . 2010-01-01 15:38 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-01-01 15:51 . 2010-01-01 15:38 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-01-01 15:51 . 2010-01-01 15:38 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-12-30 19:25 . 2009-12-30 19:25 -------- d-----w- c:\program files\Windows Media Recorder
2009-12-27 11:26 . 2009-12-27 11:06 -------- d-----w- c:\program files\uTIPu
2009-12-26 17:58 . 2009-12-26 17:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Blueberry
2009-12-26 17:30 . 2009-12-26 17:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\LogSys
2009-12-26 17:30 . 2009-12-26 17:30 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-12-26 17:30 . 2009-12-26 17:30 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-12-26 17:30 . 2009-12-26 17:30 30720 ----a-w- c:\windows\system32\bbcap.dll
2009-12-26 17:30 . 2009-12-26 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\LogSys
2009-12-25 14:40 . 2009-12-25 14:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\MP3SkypeRecorder
2009-12-25 14:40 . 2009-12-25 14:40 375162 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1F1C4668-7767-4109-9B5E-19AD056F2CA0}\_62C7126616B954B0A3B534.exe
2009-12-25 14:40 . 2009-12-25 14:40 375162 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1F1C4668-7767-4109-9B5E-19AD056F2CA0}\_0F7A346F42AC9EA04D958A.exe
2009-12-25 14:40 . 2009-12-25 14:40 -------- d-----w- c:\program files\MP3 Skype Recorder
2009-11-27 17:08 . 2009-11-27 17:08 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-27 17:08 . 2009-11-27 17:08 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-24 23:54 . 2008-09-08 13:22 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-09-08 13:22 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-09-08 13:22 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-09-08 13:22 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-09-08 13:22 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-09-08 13:22 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-09-08 13:22 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-09-08 13:22 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-09-08 13:22 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 08:46 . 2009-11-21 08:46 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-10 16:07 . 2007-01-29 10:01 71976 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-12-14 22:15 . 2007-12-13 17:02 56 --sh--r- c:\windows\system32\9888404A9D.sys
2008-12-02 09:35 . 2007-12-13 17:02 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-02_14.32.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-02 22:54 . 2010-02-02 22:54 16384 c:\windows\Temp\Perflib_Perfdata_bc.dat
+ 2010-02-02 22:54 . 2010-02-02 22:54 16384 c:\windows\Temp\Perflib_Perfdata_630.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2009-01-14 113680]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Snagit 9.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk
backup=c:\windows\pss\Snagit 9.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Dragan\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\????? ??????????\\utorrent-1.8-beta-10364.upx.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\MP3 Skype Recorder\\MP3 Skype Recorder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8.9.2008 14:22 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.9.2008 14:22 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16.9.2009 14:31 54752]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [26.12.2009 18:30 4096]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [30.10.2008 0:05 31896]
S3 ATICDSDr;ATICDSDr;\??\d:\driver\XP\bin\atiicdxx.sys --> d:\driver\XP\bin\atiicdxx.sys [?]
S3 fsssvc;Usluga Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 21:48 704864]
S3 TipCtrl;TipCtrl;"c:\program files\uTIPu\TipCtrl.exe" --> c:\program files\uTIPu\TipCtrl.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://search.myheritage.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: kombank.com\ebankweb
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 00:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2652)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-03 00:14:28
ComboFix-quarantined-files.txt 2010-02-02 23:14
ComboFix2.txt 2010-02-02 22:59
ComboFix3.txt 2010-02-02 14:35

Pre-Run: 26.986.360.832 bytes free
Post-Run: 26.966.114.304 bytes free

- - End Of File - - 97DB4D7EE5F178B786ECA6001414582C

----------- Addendum: 03 Feb 2010 0:58 ---------

I'm lightly knocking on the wood of the computer desk against the evil eye. The main problem, the computer freezing on a right-click on any document, is GONE for now. There are also no more pop-up sites while surfing the internet. It also somehow seems to me that the PC is running faster. I still don't have the avast icon in the lower right part of the screen next to the clock, where there is now the icon of the annoying red shield with an X from Windows Security Alerts.
Posted: 03 Feb 2010 13:25
Bogdan-Tc
Anti Malware Fighter
Rank 1

Joined: 04 Jan 2009
Posts: 1829


Sorry for the wait.


As for the Avast icon...

Go to Control Panel > Add Remove Programs;

Click on Avast and the Remove option;

In the form that appears, select the Repair option on the left side and confirm.

That should fix the problem with the icon; I will review the log tonight and write further instructions.
Posted: 03 Feb 2010 17:30
zborce
Tourist

Joined: 30 Dec 2009
Posts: 24


----------- Written: 03 Feb 2010 14:01 ---------

I followed the instructions; it does not restore the avast icon.

----------- Addendum: 03 Feb 2010 15:39 ---------

I apologize for my mistake (it is due to my lack of knowledge of English). Now I have followed the instructions correctly and the Avast icon has returned to the lower right corner of the screen next to the clock. However, with the return of the Avast icon my old problem also returned - the computer freezing on a right-click on any document. Let's go on!

----------- Addendum: 03 Feb 2010 17:30 ---------

When I stop Avast's resident protection, the problem of right-clicking on any document and the computer freezing disappears. It is as if Avast is overloading the whole system and blocking it.
Posted: 03 Feb 2010 23:03
Bogdan-Tc
Anti Malware Fighter
Rank 1

Joined: 04 Jan 2009
Posts: 1829


The logs are clean and there are no traces of malicious programs.


As for the Avast-related problem, uninstall the version 4.8 that you are using and install Avast 5.


Also follow these instructions...


ComboFix needs to be uninstalled:
  • Click Start, then RUN.

    On Vista, use the Start Search field if Run is not available.

  • In the text input line, type (copy) the following:

  • ComboFix /Uninstall

    Note that there is a space between "ComboFix" and "/Uninstall".

  • Then click OK (or press Enter).


Wait for the uninstall process to finish.
Posted: 04 Feb 2010 09:59
zborce
Tourist

Joined: 30 Dec 2009
Posts: 24


I'm glad that the logs are clean and that I have no malicious programs.

- I will uninstall Avast v.4.8 and install Avast 5.
- I have uninstalled ComboFix,
- what should I do with the dds file?
- and with GMER?
- is it the usual delete and into the recycle bin?
- one more question: what should I do with these system files that avast detected a while ago? I moved them to the Chest but did not dare to delete them.
Posted: 04 Feb 2010 11:23
Bogdan-Tc
Anti Malware Fighter
Rank 1

Joined: 04 Jan 2009
Posts: 1829


Just delete Gmer and DDS.

Feel free to uninstall that version of Avast and install the new one.

Those files in the Chest are copies that it made.


For further questions, I would ask you to continue in the Avast discussion topic (Razgovor o Avast-u).

http://www.mycity.rs/Antivirus-programi/razgovor-o-Avast-u.html


Regards...
Posted: 04 Feb 2010 12:05
zborce
Tourist

Joined: 30 Dec 2009
Posts: 24


All right, and sorry for my carelessness and if something was not OK on my part; after all, I am not a computer expert. I'm moving over to the Avast topic to get that done too. Stay alive and well, and regards once again...

