MyCity » Ambulanta -> Arhiva Ambulante » Pomoc pls, mis radi a ekran ne reaguje

Pomoc pls, mis radi a ekran ne reaguje

Napisano na dan: 10.12.2008
1

Pomoc pls, mis radi a ekran ne reaguje
Sledeća strana Pagination

Idi na vrh

Poslao: 10 Dec 2008 17:36
Idi na vrh
offline
  • Tomislav Varagic
  • Pridružio: 06 Maj 2008
  • Poruke: 124
  • Gde živiš: Pirot

Help pls, mislim da sam zakacio neki malware...Mis radi i njime slobodno mogu da se krecem po ekranu medjutim ne reaguje na nikakvu komandu.Takodje na Ctrl+Alt+Del. ne otvara task manager, takodje ga ne otvara ni kad stanem na tool bar i desnim klikom kad kliknem.Sta da radim?

Poslao: 10 Dec 2008 17:50
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Bio si vec u Ambulanti, znas koja je procedura.

Poslao: 10 Dec 2008 18:56
Idi na vrh
offline
  • Tomislav Varagic
  • Pridružio: 06 Maj 2008
  • Poruke: 124
  • Gde živiš: Pirot

Davno bilo Bobby, znam da treba da se skenira komp sa Hi Jack-om valjda bese..I zatim se postavi log. Hoce le me noko sagledati od dezurnih lekara u ambulanti..?

Dopuna: 10 Dec 2008 18:31

Evo ga i log..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:15 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\User\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6213 bytes

Dopuna: 10 Dec 2008 18:56

Skinuo sa Combo fix evo i njegovog loga...

ComboFix 08-12-09.03 - User 2008-12-10 18:36:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.233 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\.#
c:\documents and settings\User\Application Data\FunWebProducts
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00675426
c:\program files\MyWebSearch\bar\Cache\00676135
c:\program files\MyWebSearch\bar\Cache\00676E07.bin
c:\program files\MyWebSearch\bar\Cache\006774EC.bin
c:\program files\MyWebSearch\bar\Cache\00678E9E.bin
c:\program files\MyWebSearch\bar\Cache\00679F48.bin
c:\program files\MyWebSearch\bar\Cache\0067B197.bin
c:\program files\MyWebSearch\bar\Cache\006BA000.bin
c:\program files\MyWebSearch\bar\Cache\006BCAF8.bin
c:\program files\MyWebSearch\bar\Cache\006BD8F2.bin
c:\program files\MyWebSearch\bar\Cache\006BDC7C.bin
c:\program files\MyWebSearch\bar\Cache\006BE15E
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\program files\Windows Live\Messenger\msimg32.dll
c:\program files\Windows Live\Messenger\riched20.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-10 18:25 . 2008-12-10 18:25 <DIR> d-------- c:\program files\Trend Micro
2008-12-08 10:59 . 2008-12-08 10:59 <DIR> d-------- c:\program files\Search Settings
2008-12-08 10:59 . 2008-12-08 15:30 <DIR> d-------- c:\program files\Dealio
2008-12-08 10:58 . 2008-12-08 10:59 <DIR> d-------- c:\documents and settings\User\Application Data\Dealio
2008-12-08 10:57 . 2008-12-08 10:57 <DIR> d-------- c:\program files\Free Video Converter
2008-12-07 18:34 . 2008-12-07 19:49 <DIR> d-------- c:\program files\mIRC
2008-12-07 18:34 . 2008-12-07 19:49 <DIR> d-------- c:\documents and settings\User\Application Data\mIRC
2008-12-07 16:59 . 2008-12-07 16:59 <DIR> d-------- c:\documents and settings\User\Application Data\Thinstall
2008-12-06 17:22 . 2008-12-06 17:22 <DIR> d-------- c:\program files\Fun Web Products
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\system32\scripting
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\system32\en
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\system32\bits
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\l2schemas
2008-12-06 14:56 . 2008-12-06 15:00 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-05 21:03 . 2004-07-17 22:55 129,045 --------- c:\windows\system32\drivers\cxthsfs2.cty
2008-12-05 18:14 . 2008-12-05 18:14 <DIR> d-------- c:\documents and settings\User\Application Data\Leadertech
2008-12-05 18:05 . 2008-12-06 15:34 141 --a------ c:\windows\disney.ini
2008-12-05 18:04 . 2008-12-05 18:04 183 --a------ c:\windows\disneysy.ini
2008-12-04 17:24 . 2008-12-04 17:24 <DIR> d-------- c:\documents and settings\User\.thumbnails
2008-12-04 16:08 . 2008-12-10 11:43 <DIR> d-------- c:\program files\Professional §©®ÎÞt v.4 Black
2008-12-04 16:01 . 2008-12-04 16:01 <DIR> d-------- c:\windows\Sun
2008-12-03 23:18 . 2008-12-04 17:27 <DIR> d-------- c:\documents and settings\User\Application Data\gtk-2.0
2008-12-03 23:15 . 2008-12-04 17:28 <DIR> d-------- c:\documents and settings\User\.gimp-2.4
2008-12-03 22:52 . 2008-12-03 23:00 <DIR> d-------- C:\Travian
2008-12-01 13:13 . 2008-12-01 13:13 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-12-01 13:13 . 2008-12-01 13:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2008-11-29 00:52 . 2008-11-29 00:52 <DIR> d-------- c:\documents and settings\User\Application Data\AdobeUM
2008-11-28 15:10 . 2008-12-03 20:16 2,027,830 --a------ c:\windows\ACD Wallpaper.bmp
2008-11-27 21:39 . 2008-11-27 21:39 <DIR> d-------- c:\documents and settings\User\Application Data\Ahead
2008-11-27 15:47 . 2008-11-27 15:47 <DIR> d-------- c:\program files\MySpace
2008-11-27 15:47 . 2008-11-27 15:47 <DIR> d-------- c:\documents and settings\User\Application Data\MySpace
2008-11-27 14:59 . 2008-12-01 13:12 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-26 11:06 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-11-26 11:06 . 2007-03-08 00:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-11-26 11:06 . 2007-03-08 00:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-11-26 00:25 . 2004-08-04 00:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-25 21:45 . 2008-11-25 21:45 <DIR> d---s---- c:\documents and settings\User\UserData
2008-11-25 18:12 . 2008-12-06 20:29 <DIR> d-------- c:\documents and settings\User\Application Data\LimeWire
2008-11-25 18:12 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-25 18:12 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-25 18:11 . 2008-12-03 12:36 <DIR> d-------- c:\program files\Java
2008-11-25 13:34 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-25 13:34 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-25 13:34 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-25 11:32 . 2008-12-06 18:03 <DIR> d-------- c:\program files\Total Video Converter
2008-11-25 10:40 . 2008-11-25 10:40 <DIR> d-------- c:\temp\Aspi 470
2008-11-25 10:40 . 2008-11-25 10:40 <DIR> d-------- C:\Temp
2008-11-25 10:40 . 1999-11-24 01:00 288,433 --a------ c:\temp\aspi32.exe
2008-11-25 10:40 . 2002-06-13 16:39 153,088 --a------ c:\temp\UNWISE.EXE
2008-11-25 10:40 . 1999-09-10 13:06 45,056 --a------ c:\windows\system32\wnaspi32.dll
2008-11-25 10:40 . 1999-09-10 13:06 25,244 --a------ c:\windows\system32\drivers\aspi32.sys
2008-11-25 10:40 . 1999-09-10 13:06 5,600 --a------ c:\windows\system\winaspi.dll
2008-11-25 10:40 . 1999-09-10 13:06 4,672 --a------ c:\windows\system\wowpost.exe
2008-11-25 01:18 . 2008-11-25 01:18 <DIR> d-------- c:\documents and settings\User\Application Data\Publish Providers
2008-11-25 01:15 . 2008-11-25 01:15 <DIR> d-------- c:\documents and settings\User\Application Data\Sony
2008-11-25 01:14 . 2008-11-25 01:14 <DIR> d-------- c:\program files\Sony
2008-11-25 01:13 . 2008-11-25 01:13 <DIR> d-------- c:\program files\Vstplugins
2008-11-25 00:59 . 2008-11-25 00:59 <DIR> d-------- c:\documents and settings\User\Application Data\Sony Setup
2008-11-24 22:58 . 2008-11-28 23:11 49 --a------ c:\windows\NeroDigital.ini
2008-11-24 22:57 . 2008-11-24 22:57 <DIR> d-------- c:\program files\Outsim
2008-11-24 22:57 . 2008-12-06 15:35 <DIR> d-------- c:\program files\Image-Line
2008-11-24 22:57 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2008-11-24 22:57 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
2008-11-24 22:56 . 2008-11-24 22:56 <DIR> d-------- c:\documents and settings\User\Application Data\ACD Systems
2008-11-24 22:53 . 2008-11-24 22:53 <DIR> d-------- c:\program files\Wisdom-soft ScreenHunter 5 Free
2008-11-24 22:27 . 2008-11-25 23:12 <DIR> d-------- c:\documents and settings\User\Contacts
2008-11-24 22:26 . 2008-11-24 22:26 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-24 22:21 . 2008-11-24 22:29 <DIR> d-------- c:\program files\Windows Live
2008-11-24 22:21 . 2008-11-24 22:26 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-24 22:21 . 2008-11-24 22:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-24 20:50 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-24 20:50 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-24 20:50 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-24 20:50 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-24 20:48 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-24 20:48 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-24 20:47 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-24 20:47 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-24 20:46 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-24 19:24 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-24 19:24 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-24 19:19 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-24 19:16 . 2008-11-24 19:16 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-24 19:14 . 2008-11-24 19:14 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-24 19:14 . 2008-11-24 19:15 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-24 19:13 . 2008-11-24 19:13 53,248 --a------ c:\windows\system32\suppdll.dll
2008-11-24 19:13 . 2008-11-24 19:13 35,363 --a------ c:\windows\system32\windrvNT.sys
2008-11-24 19:12 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-24 19:06 . 2008-12-07 16:16 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-24 19:06 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-11-24 17:41 . 2008-11-24 17:53 <DIR> d-------- c:\program files\LimeWire
2008-11-24 17:31 . 2008-11-24 17:31 <DIR> d-------- c:\program files\Opera
2008-11-24 16:47 . 2008-04-14 01:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-24 16:47 . 2008-04-13 19:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-24 16:47 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-24 16:47 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-11-24 16:46 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-24 16:46 . 2008-04-13 19:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-24 14:55 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-11-24 14:55 . 2008-11-24 14:55 376 --a------ c:\windows\ODBC.INI
2008-11-24 14:54 . 2008-11-24 14:54 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-24 14:54 . 2008-11-24 14:54 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-11-24 14:53 . 2008-11-24 14:54 <DIR> d-------- c:\windows\SHELLNEW
2008-11-24 14:36 . 2004-03-03 21:30 125,184 --a------ c:\windows\system32\drivers\imagesrv.sys
2008-11-24 14:36 . 2004-03-03 21:30 5,504 --a------ c:\windows\system32\drivers\imagedrv.sys
2008-11-24 14:36 . 2008-11-24 14:36 0 --a------ c:\windows\nsreg.dat
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-24 14:35 . 2008-12-08 20:07 <DIR> d-------- c:\program files\Common Files\ACD Systems
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\program files\Ahead
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\program files\ACD Systems
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-11-24 14:35 . 2001-07-06 14:41 569,344 --a------ c:\windows\system32\imagr5.dll
2008-11-24 14:35 . 2001-07-06 12:44 544,768 --a------ c:\windows\system32\imagx5.dll
2008-11-24 14:35 . 2001-07-06 18:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2008-11-24 14:35 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-11-24 14:35 . 2001-06-26 08:15 38,912 --a------ c:\windows\system32\picn20.dll
2008-11-24 14:35 . 2008-11-24 14:35 9,856 --a------ c:\windows\system32\drivers\pfc.sys
2008-11-24 14:34 . 2008-11-24 14:34 <DIR> d-------- c:\windows\Downloaded Installations
2008-11-24 12:11 . 2007-03-08 00:51 43,528 --------- c:\windows\system32\drivers\pxhelp20.sys
2008-11-24 12:10 . 2008-11-26 11:08 <DIR> d-------- c:\program files\Winamp
2008-11-24 12:10 . 2008-11-24 12:10 <DIR> d-------- c:\program files\CyberLink
2008-11-24 12:10 . 2008-11-24 12:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-11-24 12:10 . 2008-11-26 13:47 192 --a------ c:\windows\winamp.ini
2008-11-24 12:07 . 2008-11-25 11:32 <DIR> d-------- c:\program files\Mv2Player
2008-11-24 12:06 . 2008-12-08 15:30 <DIR> d-------- c:\program files\ffdshow

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 14:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 09:41 0 ----a-w c:\program files\Common Files\dht342126
2008-11-24 10:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-24 10:10 --------- d-----w c:\program files\Analog Devices
2008-11-24 09:53 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-16 7569408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-16 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Valve\\hl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Professional §©®ÎÞt v.4 Black\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=

R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2008-11-24 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-24 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-24 20560]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\jklokn.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81c55264-bef7-11dd-80ea-001d0fc39ae6}]
\Shell\AutoRun\command - f.bat
\Shell\explore\Command - f.bat
\Shell\open\Command - f.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2bc4e21-c527-11dd-810d-001d0fc39ae6}]
\SheLl\AutoPLaY\ComMAnd - G:\yficr.cmd
\SheLl\AutoRun\command - G:\yficr.cmd
\SheLl\explORe\CoMmAnD - G:\yficr.cmd
\SheLl\opeN\comMand - G:\yficr.cmd
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe


.
------- Supplementary Scan -------
.
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
IE: Compare Prices with &Dealio - c:\documents and settings\User\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\juj0ydtq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://speeddial/content/speeddial.xul
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-10 18:40:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 358 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-12-10 18:44:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 17:44:25

Pre-Run: 14,477,074,432 bytes free
Post-Run: 14,957,113,344 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

365 --- E O F --- 2008-12-08 20:38:23

Poslao: 10 Dec 2008 19:07
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.

Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili

Poslao: 10 Dec 2008 20:48
Idi na vrh
offline
  • Tomislav Varagic
  • Pridružio: 06 Maj 2008
  • Poruke: 124
  • Gde živiš: Pirot

Evo Bobbe po dogovoru...
mycity.rs/must-login.png

mycity.rs/must-login.png

Poslao: 10 Dec 2008 21:07
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll

Folder::
c:\documents and settings\User\Application Data\Dealio
c:\program files\Dealio

Driver::
abp470n5

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81c55264-bef7-11dd-80ea-001d0fc39ae6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2bc4e21-c527-11dd-810d-001d0fc39ae6}]



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Javi i kako se sada komp ponasa. Jel bolje ili isto?

Poslao: 10 Dec 2008 21:30
Idi na vrh
offline
  • Tomislav Varagic
  • Pridružio: 06 Maj 2008
  • Poruke: 124
  • Gde živiš: Pirot

ComboFix 08-12-09.03 - User 2008-12-10 21:08:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.159 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\Dealio
c:\documents and settings\User\Application Data\Dealio\kb127\res\alerts.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\alerts_over.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\alerts_rec.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\alerts_rec_over.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\chevron-small.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\deal_report.jpg
c:\documents and settings\User\Application Data\Dealio\kb127\res\DealioSearch.html
c:\documents and settings\User\Application Data\Dealio\kb127\res\deals-leftcap.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\ebay_login.jpg
c:\documents and settings\User\Application Data\Dealio\kb127\res\err_mainwindow.html
c:\documents and settings\User\Application Data\Dealio\kb127\res\err_toolbar.html
c:\documents and settings\User\Application Data\Dealio\kb127\res\global_scripts.js
c:\documents and settings\User\Application Data\Dealio\kb127\res\headerbgthin.jpg
c:\documents and settings\User\Application Data\Dealio\kb127\res\highlight-bg.png
c:\documents and settings\User\Application Data\Dealio\kb127\res\logo.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\logo_over.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\man_toolbar.css
c:\documents and settings\User\Application Data\Dealio\kb127\res\man_toolbar.html
c:\documents and settings\User\Application Data\Dealio\kb127\res\man_toolbar.js
c:\documents and settings\User\Application Data\Dealio\kb127\res\man_toolbarl.js
c:\documents and settings\User\Application Data\Dealio\kb127\res\post-this-deal.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\post-this-deal_over.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\scripts.js
c:\documents and settings\User\Application Data\Dealio\kb127\res\scroller.js
c:\documents and settings\User\Application Data\Dealio\kb127\res\search-chevron.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\search-chevron_over.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\search_bg_blink.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\separator.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\settings.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\settings_over.gif
c:\documents and settings\User\Application Data\Dealio\kb127\res\yahoo-search.png
c:\documents and settings\User\Application Data\Dealio\kb127\rules\index.76.35
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.10.76
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.109.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.110.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.12.52
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.13.58
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.130.58
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.135.50
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.153.44
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.155.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.156.49
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.16.60
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.161.52
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.178.66
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.184.55
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.188.52
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.189.45
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.196.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.198.56
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.199.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.200.53
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.201.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.202.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.203.71
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.205.62
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.213.71
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.214.49
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.215.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.216.67
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.217.67
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.218.52
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.219.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.220.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.221.57
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.222.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.223.68
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.226.68
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.227.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.228.62
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.229.76
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.23.63
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.239.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.24.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.240.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.241.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.242.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.243.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.244.63
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.245.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.247.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.248.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.249.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.250.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.251.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.252.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.253.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.254.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.255.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.256.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.257.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.279.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.28.58
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.282.75
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.283.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.284.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.289.67
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.290.62
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.291.61
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.296.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.297.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.304.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.307.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.308.75
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.31.47
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.310.46
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.311.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.315.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.316.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.317.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.318.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.319.49
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.32.48
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.334.44
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.335.60
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.336.44
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.337.44
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.338.75
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.339.47
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.34.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.340.47
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.341.47
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.349.50
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.35.48
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.350.50
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.351.51
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.352.54
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.353.51
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.354.51
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.357.62
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.358.52
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.359.52
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.360.53
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.361.54
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.362.68
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.363.58
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.364.54
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.365.53
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.367.56
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.368.58
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.369.55
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.370.56
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.371.56
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.372.57
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.373.55
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.375.56
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.376.57
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.377.55
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.378.65
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.384.58
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.386.71
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.387.59
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.388.59
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.389.59
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.390.60
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.391.60
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.392.60
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.393.60
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.394.60
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.396.61
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.397.61
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.398.60
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.399.60
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.403.61
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.404.63
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.405.61
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.406.61
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.407.76
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.408.63
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.409.61
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.412.62
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.413.62
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.414.62
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.415.62
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.416.62
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.417.62
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.418.62
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.419.62
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.420.62
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.421.62
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.423.63
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.424.63
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.425.63
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.426.63
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.427.63
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.428.65
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.429.63
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.430.63
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.432.65
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.433.64
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.434.65
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.435.64
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.436.76
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.437.64
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.438.71
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.439.71
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.440.75
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.442.73
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.443.73
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.444.73
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.445.68
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.446.69
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.450.67
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.451.67
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.452.68
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.453.68
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.454.69
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.456.69
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.457.75
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.458.70
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.459.70
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.460.69
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.462.74
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.463.69
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.464.70
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.465.68
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.468.70
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.469.70
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.470.70
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.471.73
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.472.70
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.478.74
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.479.73
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.480.68
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.481.71
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.482.74
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.49.67
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.50.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.500.71
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.501.74
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.502.71
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.51.69
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.52.72
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.520.76
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.521.76
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.522.76
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.53.51
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.531.76
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.532.75
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.534.75
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.54.47
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.55.45
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.56.69
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.57.43
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.58.47
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.593.76
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.595.76
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.63.57
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.66.47
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.70.75
c:\documents and settings\User\Application Data\Dealio\kb127\rules\rules.1.71.43
c:\documents and settings\User\Application Data\Dealio\kb127\temp\dealio-14223.log
c:\documents and settings\User\Application Data\Dealio\kb127\temp\installtype.ini
c:\program files\Dealio
c:\program files\Dealio\kb127\Dealio.dll
c:\program files\Dealio\kb127\DealioRes409.dll
c:\program files\Dealio\kb127\res\alerts.gif
c:\program files\Dealio\kb127\res\alerts_over.gif
c:\program files\Dealio\kb127\res\alerts_rec.gif
c:\program files\Dealio\kb127\res\alerts_rec_over.gif
c:\program files\Dealio\kb127\res\chevron-small.gif
c:\program files\Dealio\kb127\res\deal_report.jpg
c:\program files\Dealio\kb127\res\DealioSearch.html
c:\program files\Dealio\kb127\res\deals-leftcap.gif
c:\program files\Dealio\kb127\res\ebay_login.jpg
c:\program files\Dealio\kb127\res\err_mainwindow.html
c:\program files\Dealio\kb127\res\err_toolbar.html
c:\program files\Dealio\kb127\res\global_scripts.js
c:\program files\Dealio\kb127\res\headerbgthin.jpg
c:\program files\Dealio\kb127\res\highlight-bg.png
c:\program files\Dealio\kb127\res\logo.gif
c:\program files\Dealio\kb127\res\logo_over.gif
c:\program files\Dealio\kb127\res\man_toolbar.css
c:\program files\Dealio\kb127\res\man_toolbar.html
c:\program files\Dealio\kb127\res\man_toolbar.js
c:\program files\Dealio\kb127\res\man_toolbarl.js
c:\program files\Dealio\kb127\res\post-this-deal.gif
c:\program files\Dealio\kb127\res\post-this-deal_over.gif
c:\program files\Dealio\kb127\res\scripts.js
c:\program files\Dealio\kb127\res\scroller.js
c:\program files\Dealio\kb127\res\search-chevron.gif
c:\program files\Dealio\kb127\res\search-chevron_over.gif
c:\program files\Dealio\kb127\res\search_bg_blink.gif
c:\program files\Dealio\kb127\res\separator.gif
c:\program files\Dealio\kb127\res\settings.gif
c:\program files\Dealio\kb127\res\settings_over.gif
c:\program files\Dealio\kb127\res\yahoo-search.png
c:\program files\Dealio\kb127\resDN\bottom.gif
c:\program files\Dealio\kb127\resDN\chevron_down.gif
c:\program files\Dealio\kb127\resDN\chevron_up.gif
c:\program files\Dealio\kb127\resDN\close.gif
c:\program files\Dealio\kb127\resDN\deskbar.css
c:\program files\Dealio\kb127\resDN\deskbar.js
c:\program files\Dealio\kb127\resDN\dispatch_helper.js
c:\program files\Dealio\kb127\resDN\ebay_compatible.jpg
c:\program files\Dealio\kb127\resDN\logo.gif
c:\program files\Dealio\kb127\resDN\logo_chevron_bkg.gif
c:\program files\Dealio\kb127\resDN\losing.gif
c:\program files\Dealio\kb127\resDN\lost.gif
c:\program files\Dealio\kb127\resDN\man_deskbar.html
c:\program files\Dealio\kb127\resDN\menu_arrow.gif
c:\program files\Dealio\kb127\resDN\menu_check.gif
c:\program files\Dealio\kb127\resDN\no_image.gif
c:\program files\Dealio\kb127\resDN\prod_img.gif
c:\program files\Dealio\kb127\resDN\search_chevron.gif
c:\program files\Dealio\kb127\resDN\spacer.gif
c:\program files\Dealio\kb127\resDN\textfield_bkg.gif
c:\program files\Dealio\kb127\resDN\top.gif
c:\program files\Dealio\kb127\resDN\unknown.gif
c:\program files\Dealio\kb127\resDN\winning.gif
c:\program files\Dealio\kb127\resDN\won.gif
c:\program files\Dealio\kb127\rules\index.76.35
c:\program files\Dealio\kb127\rules\rules.1.10.76
c:\program files\Dealio\kb127\rules\rules.1.109.43
c:\program files\Dealio\kb127\rules\rules.1.110.43
c:\program files\Dealio\kb127\rules\rules.1.12.52
c:\program files\Dealio\kb127\rules\rules.1.13.58
c:\program files\Dealio\kb127\rules\rules.1.130.58
c:\program files\Dealio\kb127\rules\rules.1.135.50
c:\program files\Dealio\kb127\rules\rules.1.153.44
c:\program files\Dealio\kb127\rules\rules.1.155.43
c:\program files\Dealio\kb127\rules\rules.1.156.49
c:\program files\Dealio\kb127\rules\rules.1.16.60
c:\program files\Dealio\kb127\rules\rules.1.161.52
c:\program files\Dealio\kb127\rules\rules.1.178.66
c:\program files\Dealio\kb127\rules\rules.1.184.55
c:\program files\Dealio\kb127\rules\rules.1.188.52
c:\program files\Dealio\kb127\rules\rules.1.189.45
c:\program files\Dealio\kb127\rules\rules.1.196.43
c:\program files\Dealio\kb127\rules\rules.1.198.56
c:\program files\Dealio\kb127\rules\rules.1.199.43
c:\program files\Dealio\kb127\rules\rules.1.200.53
c:\program files\Dealio\kb127\rules\rules.1.201.43
c:\program files\Dealio\kb127\rules\rules.1.202.43
c:\program files\Dealio\kb127\rules\rules.1.203.71
c:\program files\Dealio\kb127\rules\rules.1.205.62
c:\program files\Dealio\kb127\rules\rules.1.213.71
c:\program files\Dealio\kb127\rules\rules.1.214.49
c:\program files\Dealio\kb127\rules\rules.1.215.43
c:\program files\Dealio\kb127\rules\rules.1.216.67
c:\program files\Dealio\kb127\rules\rules.1.217.67
c:\program files\Dealio\kb127\rules\rules.1.218.52
c:\program files\Dealio\kb127\rules\rules.1.219.43
c:\program files\Dealio\kb127\rules\rules.1.220.43
c:\program files\Dealio\kb127\rules\rules.1.221.57
c:\program files\Dealio\kb127\rules\rules.1.222.43
c:\program files\Dealio\kb127\rules\rules.1.223.68
c:\program files\Dealio\kb127\rules\rules.1.226.68
c:\program files\Dealio\kb127\rules\rules.1.227.43
c:\program files\Dealio\kb127\rules\rules.1.228.62
c:\program files\Dealio\kb127\rules\rules.1.229.76
c:\program files\Dealio\kb127\rules\rules.1.23.63
c:\program files\Dealio\kb127\rules\rules.1.239.43
c:\program files\Dealio\kb127\rules\rules.1.24.43
c:\program files\Dealio\kb127\rules\rules.1.240.43
c:\program files\Dealio\kb127\rules\rules.1.241.43
c:\program files\Dealio\kb127\rules\rules.1.242.43
c:\program files\Dealio\kb127\rules\rules.1.243.43
c:\program files\Dealio\kb127\rules\rules.1.244.63
c:\program files\Dealio\kb127\rules\rules.1.245.43
c:\program files\Dealio\kb127\rules\rules.1.247.43
c:\program files\Dealio\kb127\rules\rules.1.248.43
c:\program files\Dealio\kb127\rules\rules.1.249.43
c:\program files\Dealio\kb127\rules\rules.1.250.43
c:\program files\Dealio\kb127\rules\rules.1.251.43
c:\program files\Dealio\kb127\rules\rules.1.252.43
c:\program files\Dealio\kb127\rules\rules.1.253.43
c:\program files\Dealio\kb127\rules\rules.1.254.43
c:\program files\Dealio\kb127\rules\rules.1.255.43
c:\program files\Dealio\kb127\rules\rules.1.256.43
c:\program files\Dealio\kb127\rules\rules.1.257.43
c:\program files\Dealio\kb127\rules\rules.1.279.43
c:\program files\Dealio\kb127\rules\rules.1.28.58
c:\program files\Dealio\kb127\rules\rules.1.282.75
c:\program files\Dealio\kb127\rules\rules.1.283.43
c:\program files\Dealio\kb127\rules\rules.1.284.43
c:\program files\Dealio\kb127\rules\rules.1.289.67
c:\program files\Dealio\kb127\rules\rules.1.290.62
c:\program files\Dealio\kb127\rules\rules.1.291.61
c:\program files\Dealio\kb127\rules\rules.1.296.43
c:\program files\Dealio\kb127\rules\rules.1.297.43
c:\program files\Dealio\kb127\rules\rules.1.304.43
c:\program files\Dealio\kb127\rules\rules.1.307.43
c:\program files\Dealio\kb127\rules\rules.1.308.75
c:\program files\Dealio\kb127\rules\rules.1.31.47
c:\program files\Dealio\kb127\rules\rules.1.310.46
c:\program files\Dealio\kb127\rules\rules.1.311.43
c:\program files\Dealio\kb127\rules\rules.1.315.43
c:\program files\Dealio\kb127\rules\rules.1.316.43
c:\program files\Dealio\kb127\rules\rules.1.317.43
c:\program files\Dealio\kb127\rules\rules.1.318.43
c:\program files\Dealio\kb127\rules\rules.1.319.49
c:\program files\Dealio\kb127\rules\rules.1.32.48
c:\program files\Dealio\kb127\rules\rules.1.334.44
c:\program files\Dealio\kb127\rules\rules.1.335.60
c:\program files\Dealio\kb127\rules\rules.1.336.44
c:\program files\Dealio\kb127\rules\rules.1.337.44
c:\program files\Dealio\kb127\rules\rules.1.338.75
c:\program files\Dealio\kb127\rules\rules.1.339.47
c:\program files\Dealio\kb127\rules\rules.1.34.43
c:\program files\Dealio\kb127\rules\rules.1.340.47
c:\program files\Dealio\kb127\rules\rules.1.341.47
c:\program files\Dealio\kb127\rules\rules.1.349.50
c:\program files\Dealio\kb127\rules\rules.1.35.48
c:\program files\Dealio\kb127\rules\rules.1.350.50
c:\program files\Dealio\kb127\rules\rules.1.351.51
c:\program files\Dealio\kb127\rules\rules.1.352.54
c:\program files\Dealio\kb127\rules\rules.1.353.51
c:\program files\Dealio\kb127\rules\rules.1.354.51
c:\program files\Dealio\kb127\rules\rules.1.357.62
c:\program files\Dealio\kb127\rules\rules.1.358.52
c:\program files\Dealio\kb127\rules\rules.1.359.52
c:\program files\Dealio\kb127\rules\rules.1.360.53
c:\program files\Dealio\kb127\rules\rules.1.361.54
c:\program files\Dealio\kb127\rules\rules.1.362.68
c:\program files\Dealio\kb127\rules\rules.1.363.58
c:\program files\Dealio\kb127\rules\rules.1.364.54
c:\program files\Dealio\kb127\rules\rules.1.365.53
c:\program files\Dealio\kb127\rules\rules.1.367.56
c:\program files\Dealio\kb127\rules\rules.1.368.58
c:\program files\Dealio\kb127\rules\rules.1.369.55
c:\program files\Dealio\kb127\rules\rules.1.370.56
c:\program files\Dealio\kb127\rules\rules.1.371.56
c:\program files\Dealio\kb127\rules\rules.1.372.57
c:\program files\Dealio\kb127\rules\rules.1.373.55
c:\program files\Dealio\kb127\rules\rules.1.375.56
c:\program files\Dealio\kb127\rules\rules.1.376.57
c:\program files\Dealio\kb127\rules\rules.1.377.55
c:\program files\Dealio\kb127\rules\rules.1.378.65
c:\program files\Dealio\kb127\rules\rules.1.384.58
c:\program files\Dealio\kb127\rules\rules.1.386.71
c:\program files\Dealio\kb127\rules\rules.1.387.59
c:\program files\Dealio\kb127\rules\rules.1.388.59
c:\program files\Dealio\kb127\rules\rules.1.389.59
c:\program files\Dealio\kb127\rules\rules.1.390.60
c:\program files\Dealio\kb127\rules\rules.1.391.60
c:\program files\Dealio\kb127\rules\rules.1.392.60
c:\program files\Dealio\kb127\rules\rules.1.393.60
c:\program files\Dealio\kb127\rules\rules.1.394.60
c:\program files\Dealio\kb127\rules\rules.1.396.61
c:\program files\Dealio\kb127\rules\rules.1.397.61
c:\program files\Dealio\kb127\rules\rules.1.398.60
c:\program files\Dealio\kb127\rules\rules.1.399.60
c:\program files\Dealio\kb127\rules\rules.1.403.61
c:\program files\Dealio\kb127\rules\rules.1.404.63
c:\program files\Dealio\kb127\rules\rules.1.405.61
c:\program files\Dealio\kb127\rules\rules.1.406.61
c:\program files\Dealio\kb127\rules\rules.1.407.76
c:\program files\Dealio\kb127\rules\rules.1.408.63
c:\program files\Dealio\kb127\rules\rules.1.409.61
c:\program files\Dealio\kb127\rules\rules.1.412.62
c:\program files\Dealio\kb127\rules\rules.1.413.62
c:\program files\Dealio\kb127\rules\rules.1.414.62
c:\program files\Dealio\kb127\rules\rules.1.415.62
c:\program files\Dealio\kb127\rules\rules.1.416.62
c:\program files\Dealio\kb127\rules\rules.1.417.62
c:\program files\Dealio\kb127\rules\rules.1.418.62
c:\program files\Dealio\kb127\rules\rules.1.419.62
c:\program files\Dealio\kb127\rules\rules.1.420.62
c:\program files\Dealio\kb127\rules\rules.1.421.62
c:\program files\Dealio\kb127\rules\rules.1.423.63
c:\program files\Dealio\kb127\rules\rules.1.424.63
c:\program files\Dealio\kb127\rules\rules.1.425.63
c:\program files\Dealio\kb127\rules\rules.1.426.63
c:\program files\Dealio\kb127\rules\rules.1.427.63
c:\program files\Dealio\kb127\rules\rules.1.428.65
c:\program files\Dealio\kb127\rules\rules.1.429.63
c:\program files\Dealio\kb127\rules\rules.1.430.63
c:\program files\Dealio\kb127\rules\rules.1.432.65
c:\program files\Dealio\kb127\rules\rules.1.433.64
c:\program files\Dealio\kb127\rules\rules.1.434.65
c:\program files\Dealio\kb127\rules\rules.1.435.64
c:\program files\Dealio\kb127\rules\rules.1.436.76
c:\program files\Dealio\kb127\rules\rules.1.437.64
c:\program files\Dealio\kb127\rules\rules.1.438.71
c:\program files\Dealio\kb127\rules\rules.1.439.71
c:\program files\Dealio\kb127\rules\rules.1.440.75
c:\program files\Dealio\kb127\rules\rules.1.442.73
c:\program files\Dealio\kb127\rules\rules.1.443.73
c:\program files\Dealio\kb127\rules\rules.1.444.73
c:\program files\Dealio\kb127\rules\rules.1.445.68
c:\program files\Dealio\kb127\rules\rules.1.446.69
c:\program files\Dealio\kb127\rules\rules.1.450.67
c:\program files\Dealio\kb127\rules\rules.1.451.67
c:\program files\Dealio\kb127\rules\rules.1.452.68
c:\program files\Dealio\kb127\rules\rules.1.453.68
c:\program files\Dealio\kb127\rules\rules.1.454.69
c:\program files\Dealio\kb127\rules\rules.1.456.69
c:\program files\Dealio\kb127\rules\rules.1.457.75
c:\program files\Dealio\kb127\rules\rules.1.458.70
c:\program files\Dealio\kb127\rules\rules.1.459.70
c:\program files\Dealio\kb127\rules\rules.1.460.69
c:\program files\Dealio\kb127\rules\rules.1.462.74
c:\program files\Dealio\kb127\rules\rules.1.463.69
c:\program files\Dealio\kb127\rules\rules.1.464.70
c:\program files\Dealio\kb127\rules\rules.1.465.68
c:\program files\Dealio\kb127\rules\rules.1.468.70
c:\program files\Dealio\kb127\rules\rules.1.469.70
c:\program files\Dealio\kb127\rules\rules.1.470.70
c:\program files\Dealio\kb127\rules\rules.1.471.73
c:\program files\Dealio\kb127\rules\rules.1.472.70
c:\program files\Dealio\kb127\rules\rules.1.478.74
c:\program files\Dealio\kb127\rules\rules.1.479.73
c:\program files\Dealio\kb127\rules\rules.1.480.68
c:\program files\Dealio\kb127\rules\rules.1.481.71
c:\program files\Dealio\kb127\rules\rules.1.482.74
c:\program files\Dealio\kb127\rules\rules.1.49.67
c:\program files\Dealio\kb127\rules\rules.1.50.43
c:\program files\Dealio\kb127\rules\rules.1.500.71
c:\program files\Dealio\kb127\rules\rules.1.501.74
c:\program files\Dealio\kb127\rules\rules.1.502.71
c:\program files\Dealio\kb127\rules\rules.1.51.69
c:\program files\Dealio\kb127\rules\rules.1.52.72
c:\program files\Dealio\kb127\rules\rules.1.520.76
c:\program files\Dealio\kb127\rules\rules.1.521.76
c:\program files\Dealio\kb127\rules\rules.1.522.76
c:\program files\Dealio\kb127\rules\rules.1.53.51
c:\program files\Dealio\kb127\rules\rules.1.531.76
c:\program files\Dealio\kb127\rules\rules.1.532.75
c:\program files\Dealio\kb127\rules\rules.1.534.75
c:\program files\Dealio\kb127\rules\rules.1.54.47
c:\program files\Dealio\kb127\rules\rules.1.55.45
c:\program files\Dealio\kb127\rules\rules.1.56.69
c:\program files\Dealio\kb127\rules\rules.1.57.43
c:\program files\Dealio\kb127\rules\rules.1.58.47
c:\program files\Dealio\kb127\rules\rules.1.593.76
c:\program files\Dealio\kb127\rules\rules.1.595.76
c:\program files\Dealio\kb127\rules\rules.1.63.57
c:\program files\Dealio\kb127\rules\rules.1.66.47
c:\program files\Dealio\kb127\rules\rules.1.70.75
c:\program files\Dealio\kb127\rules\rules.1.71.43
c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_abp470n5


((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-10 20:23 . 2008-12-10 20:23 250 --a------ c:\windows\gmer.ini
2008-12-10 18:25 . 2008-12-10 18:25 <DIR> d-------- c:\program files\Trend Micro
2008-12-08 10:59 . 2008-12-08 10:59 <DIR> d-------- c:\program files\Search Settings
2008-12-08 10:57 . 2008-12-08 10:57 <DIR> d-------- c:\program files\Free Video Converter
2008-12-07 18:34 . 2008-12-07 19:49 <DIR> d-------- c:\program files\mIRC
2008-12-07 18:34 . 2008-12-07 19:49 <DIR> d-------- c:\documents and settings\User\Application Data\mIRC
2008-12-07 16:59 . 2008-12-07 16:59 <DIR> d-------- c:\documents and settings\User\Application Data\Thinstall
2008-12-06 17:22 . 2008-12-06 17:22 <DIR> d-------- c:\program files\Fun Web Products
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\system32\scripting
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\system32\en
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\system32\bits
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\l2schemas
2008-12-06 14:56 . 2008-12-06 15:00 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-05 21:03 . 2004-07-17 22:55 129,045 --------- c:\windows\system32\drivers\cxthsfs2.cty
2008-12-05 18:14 . 2008-12-05 18:14 <DIR> d-------- c:\documents and settings\User\Application Data\Leadertech
2008-12-05 18:05 . 2008-12-06 15:34 141 --a------ c:\windows\disney.ini
2008-12-05 18:04 . 2008-12-05 18:04 183 --a------ c:\windows\disneysy.ini
2008-12-04 17:24 . 2008-12-04 17:24 <DIR> d-------- c:\documents and settings\User\.thumbnails
2008-12-04 16:08 . 2008-12-10 11:43 <DIR> d-------- c:\program files\Professional §©®ÎÞt v.4 Black
2008-12-04 16:01 . 2008-12-04 16:01 <DIR> d-------- c:\windows\Sun
2008-12-03 23:18 . 2008-12-04 17:27 <DIR> d-------- c:\documents and settings\User\Application Data\gtk-2.0
2008-12-03 23:15 . 2008-12-04 17:28 <DIR> d-------- c:\documents and settings\User\.gimp-2.4
2008-12-03 22:52 . 2008-12-03 23:00 <DIR> d-------- C:\Travian
2008-12-01 13:13 . 2008-12-01 13:13 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-12-01 13:13 . 2008-12-01 13:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2008-11-29 00:52 . 2008-11-29 00:52 <DIR> d-------- c:\documents and settings\User\Application Data\AdobeUM
2008-11-28 15:10 . 2008-12-03 20:16 2,027,830 --a------ c:\windows\ACD Wallpaper.bmp
2008-11-27 21:39 . 2008-11-27 21:39 <DIR> d-------- c:\documents and settings\User\Application Data\Ahead
2008-11-27 15:47 . 2008-11-27 15:47 <DIR> d-------- c:\program files\MySpace
2008-11-27 15:47 . 2008-11-27 15:47 <DIR> d-------- c:\documents and settings\User\Application Data\MySpace
2008-11-27 14:59 . 2008-12-01 13:12 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-26 11:06 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-11-26 11:06 . 2007-03-08 00:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-11-26 11:06 . 2007-03-08 00:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-11-26 00:25 . 2004-08-04 00:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-25 21:45 . 2008-11-25 21:45 <DIR> d---s---- c:\documents and settings\User\UserData
2008-11-25 18:12 . 2008-12-06 20:29 <DIR> d-------- c:\documents and settings\User\Application Data\LimeWire
2008-11-25 18:12 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-25 18:12 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-25 18:11 . 2008-12-03 12:36 <DIR> d-------- c:\program files\Java
2008-11-25 13:34 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-25 13:34 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-25 13:34 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-25 11:32 . 2008-12-06 18:03 <DIR> d-------- c:\program files\Total Video Converter
2008-11-25 10:40 . 2008-11-25 10:40 <DIR> d-------- c:\temp\Aspi 470
2008-11-25 10:40 . 2008-11-25 10:40 <DIR> d-------- C:\Temp
2008-11-25 10:40 . 1999-11-24 01:00 288,433 --a------ c:\temp\aspi32.exe
2008-11-25 10:40 . 2002-06-13 16:39 153,088 --a------ c:\temp\UNWISE.EXE
2008-11-25 10:40 . 1999-09-10 13:06 45,056 --a------ c:\windows\system32\wnaspi32.dll
2008-11-25 10:40 . 1999-09-10 13:06 25,244 --a------ c:\windows\system32\drivers\aspi32.sys
2008-11-25 10:40 . 1999-09-10 13:06 5,600 --a------ c:\windows\system\winaspi.dll
2008-11-25 10:40 . 1999-09-10 13:06 4,672 --a------ c:\windows\system\wowpost.exe
2008-11-25 01:18 . 2008-11-25 01:18 <DIR> d-------- c:\documents and settings\User\Application Data\Publish Providers
2008-11-25 01:15 . 2008-11-25 01:15 <DIR> d-------- c:\documents and settings\User\Application Data\Sony
2008-11-25 01:14 . 2008-11-25 01:14 <DIR> d-------- c:\program files\Sony
2008-11-25 01:13 . 2008-11-25 01:13 <DIR> d-------- c:\program files\Vstplugins
2008-11-25 00:59 . 2008-11-25 00:59 <DIR> d-------- c:\documents and settings\User\Application Data\Sony Setup
2008-11-24 22:58 . 2008-11-28 23:11 49 --a------ c:\windows\NeroDigital.ini
2008-11-24 22:57 . 2008-11-24 22:57 <DIR> d-------- c:\program files\Outsim
2008-11-24 22:57 . 2008-12-06 15:35 <DIR> d-------- c:\program files\Image-Line
2008-11-24 22:57 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2008-11-24 22:57 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
2008-11-24 22:56 . 2008-11-24 22:56 <DIR> d-------- c:\documents and settings\User\Application Data\ACD Systems
2008-11-24 22:53 . 2008-11-24 22:53 <DIR> d-------- c:\program files\Wisdom-soft ScreenHunter 5 Free
2008-11-24 22:27 . 2008-11-25 23:12 <DIR> d-------- c:\documents and settings\User\Contacts
2008-11-24 22:26 . 2008-11-24 22:26 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-24 22:21 . 2008-11-24 22:29 <DIR> d-------- c:\program files\Windows Live
2008-11-24 22:21 . 2008-11-24 22:26 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-24 22:21 . 2008-11-24 22:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-24 20:50 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-24 20:50 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-24 20:50 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-24 20:50 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-24 20:48 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-24 20:48 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-24 20:47 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-24 20:47 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-24 20:46 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-24 19:24 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-24 19:24 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-24 19:19 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-24 19:16 . 2008-11-24 19:16 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-24 19:14 . 2008-11-24 19:14 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-24 19:14 . 2008-11-24 19:15 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-24 19:13 . 2008-11-24 19:13 53,248 --a------ c:\windows\system32\suppdll.dll
2008-11-24 19:13 . 2008-11-24 19:13 35,363 --a------ c:\windows\system32\windrvNT.sys
2008-11-24 19:12 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-24 19:06 . 2008-12-07 16:16 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-24 19:06 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-11-24 17:41 . 2008-11-24 17:53 <DIR> d-------- c:\program files\LimeWire
2008-11-24 17:31 . 2008-11-24 17:31 <DIR> d-------- c:\program files\Opera
2008-11-24 16:47 . 2008-04-14 01:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-24 16:47 . 2008-04-13 19:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-24 16:47 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-24 16:47 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-11-24 16:46 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-24 16:46 . 2008-04-13 19:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-24 14:55 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-11-24 14:55 . 2008-11-24 14:55 376 --a------ c:\windows\ODBC.INI
2008-11-24 14:54 . 2008-11-24 14:54 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-24 14:54 . 2008-11-24 14:54 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-11-24 14:53 . 2008-11-24 14:54 <DIR> d-------- c:\windows\SHELLNEW
2008-11-24 14:36 . 2004-03-03 21:30 125,184 --a------ c:\windows\system32\drivers\imagesrv.sys
2008-11-24 14:36 . 2004-03-03 21:30 5,504 --a------ c:\windows\system32\drivers\imagedrv.sys
2008-11-24 14:36 . 2008-11-24 14:36 0 --a------ c:\windows\nsreg.dat
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-24 14:35 . 2008-12-08 20:07 <DIR> d-------- c:\program files\Common Files\ACD Systems
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\program files\Ahead
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\program files\ACD Systems
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-11-24 14:35 . 2001-07-06 14:41 569,344 --a------ c:\windows\system32\imagr5.dll
2008-11-24 14:35 . 2001-07-06 12:44 544,768 --a------ c:\windows\system32\imagx5.dll
2008-11-24 14:35 . 2001-07-06 18:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2008-11-24 14:35 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-11-24 14:35 . 2001-06-26 08:15 38,912 --a------ c:\windows\system32\picn20.dll
2008-11-24 14:35 . 2008-11-24 14:35 9,856 --a------ c:\windows\system32\drivers\pfc.sys
2008-11-24 14:34 . 2008-11-24 14:34 <DIR> d-------- c:\windows\Downloaded Installations
2008-11-24 12:11 . 2007-03-08 00:51 43,528 --------- c:\windows\system32\drivers\pxhelp20.sys
2008-11-24 12:10 . 2008-11-26 11:08 <DIR> d-------- c:\program files\Winamp
2008-11-24 12:10 . 2008-11-24 12:10 <DIR> d-------- c:\program files\CyberLink
2008-11-24 12:10 . 2008-11-24 12:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-11-24 12:10 . 2008-11-26 13:47 192 --a------ c:\windows\winamp.ini
2008-11-24 12:07 . 2008-11-25 11:32 <DIR> d-------- c:\program files\Mv2Player
2008-11-24 12:06 . 2008-12-08 15:30 <DIR> d-------- c:\program files\ffdshow
2008-11-24 12:05 . 2008-11-24 12:05 <DIR> d-------- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 14:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 09:41 0 ----a-w c:\program files\Common Files\dht342126
2008-11-24 10:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-24 10:10 --------- d-----w c:\program files\Analog Devices
2008-11-24 09:53 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-10_18.42.20.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-10 19:23:57 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 20:13:02 811,008 ----a-r c:\windows\gmer.exe
+ 2008-12-10 19:23:57 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2008-12-10 20:15:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4c4.dat
+ 2008-12-10 20:15:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-16 7569408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-16 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Valve\\hl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Professional §©®ÎÞt v.4 Black\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=

R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2008-11-24 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-24 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-24 20560]
.
.
------- Supplementary Scan -------
.
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
IE: Compare Prices with &Dealio - c:\documents and settings\User\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\juj0ydtq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://speeddial/content/speeddial.xul
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-10 21:15:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 358 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-12-10 21:18:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 20:18:25
ComboFix2.txt 2008-12-10 17:44:32

Pre-Run: 14,926,770,176 bytes free
Post-Run: 14,916,378,624 bytes free

797 --- E O F --- 2008-12-08 20:38:23

Bobbe hvala ti, puno je bolje.Reci mi sta je to bilo sa Mozilom? Ja je ne koristim ?I svi oni fajlovi koji su izbrisani odakle i sta je to?

Dopuna: 10 Dec 2008 21:30

Evo ga i Task Manager radi.

Poslao: 10 Dec 2008 21:48
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Deinstalirao sam ti dva toolbara. Jedan od njih se bio instalirao i u Mozillu.
Osim toga, uklonio sam tragove nekog drajvera sumnjivog porekla.
Pre toga je ComboFix sam uklonio jos toolbarova i jos par malwarea.
Uklonili smo i ostatke neke infekcije koja se prenela putem nekog USB sticka (ili nekog drugog USB uredjaja sa memorijom).

Imas li ti neki USB memorijski uredjaj (moze biti i mobilni, MP3 plejer itd) koji je eventualno zarazen?

Poslao: 11 Dec 2008 23:52
Idi na vrh
offline
  • Tomislav Varagic
  • Pridružio: 06 Maj 2008
  • Poruke: 124
  • Gde živiš: Pirot

Da moja flesh memorija , kako da je ocistim moze li Avast da pomogne?

Dopuna: 11 Dec 2008 23:52

Na poslu imam zatvorenu mrezu sa aplikacijama sa kojim radimo.Moj kolega i ortak ujedno je inace programer. Na glavnom serveru smo primetili neki fajl "gy.exe" ili tako nesto slicno.Nikako da se obrise.Instalirali sno Updatovani Nod 32 i on ge je detektovao kao Trojan virus. Medjutim , nesmemo da krenemo sa ciscenjem mreze zbog veoma bitnih podataka koje imamo u sistemu.Upravo zbog toga u toj mrezi nemamo pristup Internetu. Najverovatnije mi je i Flash memorija zarazena sa tog kompa. Daj neki savet , mislim koji AV program mozemo da pustima a da pritom budemo sigurni da nece nista od podataka biti obrisano.U pitanju su tabele (Paradox) koje su prepune veoma vaznim podacima. Aplikacija je radjena u Windows okruzenju sa Delfi 7 alatom.

Poslao: 12 Dec 2008 05:55
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Skini sledeci program - http://amf.mycity.rs/personal/bobby/USB_blocker/usb_blocker.exe
- startuj ga i odaberi opciju Auto block
- ubaci USB stick u komp i sacekaj koji sekund (recimo 5-10 sekundi)
- program je sada uradio analizu sticka (vidi se u donjem delu programa, u logu)
- gore levo klikni duplo na slovo koje oznacava particiju, tj. tvoj USB stick
- dole kraj sata ce se pojaviti poruka da smes da izvadis USB stick iz kompa
- ne gasi program, vec ubaci sledeci USB stick i za njega isto sacekaj par sekundi, i tako redom za sve stickove, MP3 plejere, mobilni
- zapamti kojim redom su ubacivani stickovi

Kada sve to zavrsis, log u donjem delu programa ce sadrzati sve podatke koji su meni potrebni da bih video koji stick je zarazen.
Klikni desnim dugmetom misa na log/izvestaj i odaberi Save log.
Automatski ce se otvoriti Notepad i u njemu izvestaj.
Iskopiraj mi taj izvestaj ovde na forum.

MyCity » Ambulanta -> Arhiva Ambulante » Pomoc pls, mis radi a ekran ne reaguje

Ko je trenutno na forumu
 

Ukupno su 825 korisnika na forumu :: 6 registrovanih, 2 sakrivenih i 817 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: babaroga, hyla, Istman, Motocar, nenad81, voja64