Help pls, the mouse works but the screen doesn't respond

  • Tomislav Varagic
  • Joined: 06 May 2008
  • Posts: 124
  • Location: Pirot

Help pls, I think I've caught some malware... The mouse works and I can move it freely around the screen, but it doesn't respond to any command. Also, Ctrl+Alt+Del doesn't open Task Manager, and it doesn't open when I right-click on the toolbar either. What should I do?

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You've already been to the Ambulanta, you know the procedure.

  • Tomislav Varagic
  • Joined: 06 May 2008
  • Posts: 124
  • Location: Pirot

That was a long time ago, Bobby. I know the computer needs to be scanned with HijackThis, I think it was... and then the log gets posted. Will one of the doctors on duty in the Ambulanta take a look at me..?

Addendum: 10 Dec 2008 18:31

Here's the log..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:15 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\User\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6213 bytes

Addendum: 10 Dec 2008 18:56

I downloaded ComboFix, here is its log too...

ComboFix 08-12-09.03 - User 2008-12-10 18:36:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.233 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\.#
c:\documents and settings\User\Application Data\FunWebProducts
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00675426
c:\program files\MyWebSearch\bar\Cache\00676135
c:\program files\MyWebSearch\bar\Cache\00676E07.bin
c:\program files\MyWebSearch\bar\Cache\006774EC.bin
c:\program files\MyWebSearch\bar\Cache\00678E9E.bin
c:\program files\MyWebSearch\bar\Cache\00679F48.bin
c:\program files\MyWebSearch\bar\Cache\0067B197.bin
c:\program files\MyWebSearch\bar\Cache\006BA000.bin
c:\program files\MyWebSearch\bar\Cache\006BCAF8.bin
c:\program files\MyWebSearch\bar\Cache\006BD8F2.bin
c:\program files\MyWebSearch\bar\Cache\006BDC7C.bin
c:\program files\MyWebSearch\bar\Cache\006BE15E
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\program files\Windows Live\Messenger\msimg32.dll
c:\program files\Windows Live\Messenger\riched20.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-10 18:25 . 2008-12-10 18:25 <DIR> d-------- c:\program files\Trend Micro
2008-12-08 10:59 . 2008-12-08 10:59 <DIR> d-------- c:\program files\Search Settings
2008-12-08 10:59 . 2008-12-08 15:30 <DIR> d-------- c:\program files\Dealio
2008-12-08 10:58 . 2008-12-08 10:59 <DIR> d-------- c:\documents and settings\User\Application Data\Dealio
2008-12-08 10:57 . 2008-12-08 10:57 <DIR> d-------- c:\program files\Free Video Converter
2008-12-07 18:34 . 2008-12-07 19:49 <DIR> d-------- c:\program files\mIRC
2008-12-07 18:34 . 2008-12-07 19:49 <DIR> d-------- c:\documents and settings\User\Application Data\mIRC
2008-12-07 16:59 . 2008-12-07 16:59 <DIR> d-------- c:\documents and settings\User\Application Data\Thinstall
2008-12-06 17:22 . 2008-12-06 17:22 <DIR> d-------- c:\program files\Fun Web Products
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\system32\scripting
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\system32\en
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\system32\bits
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\l2schemas
2008-12-06 14:56 . 2008-12-06 15:00 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-05 21:03 . 2004-07-17 22:55 129,045 --------- c:\windows\system32\drivers\cxthsfs2.cty
2008-12-05 18:14 . 2008-12-05 18:14 <DIR> d-------- c:\documents and settings\User\Application Data\Leadertech
2008-12-05 18:05 . 2008-12-06 15:34 141 --a------ c:\windows\disney.ini
2008-12-05 18:04 . 2008-12-05 18:04 183 --a------ c:\windows\disneysy.ini
2008-12-04 17:24 . 2008-12-04 17:24 <DIR> d-------- c:\documents and settings\User\.thumbnails
2008-12-04 16:08 . 2008-12-10 11:43 <DIR> d-------- c:\program files\Professional §©®ÎÞt v.4 Black
2008-12-04 16:01 . 2008-12-04 16:01 <DIR> d-------- c:\windows\Sun
2008-12-03 23:18 . 2008-12-04 17:27 <DIR> d-------- c:\documents and settings\User\Application Data\gtk-2.0
2008-12-03 23:15 . 2008-12-04 17:28 <DIR> d-------- c:\documents and settings\User\.gimp-2.4
2008-12-03 22:52 . 2008-12-03 23:00 <DIR> d-------- C:\Travian
2008-12-01 13:13 . 2008-12-01 13:13 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-12-01 13:13 . 2008-12-01 13:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2008-11-29 00:52 . 2008-11-29 00:52 <DIR> d-------- c:\documents and settings\User\Application Data\AdobeUM
2008-11-28 15:10 . 2008-12-03 20:16 2,027,830 --a------ c:\windows\ACD Wallpaper.bmp
2008-11-27 21:39 . 2008-11-27 21:39 <DIR> d-------- c:\documents and settings\User\Application Data\Ahead
2008-11-27 15:47 . 2008-11-27 15:47 <DIR> d-------- c:\program files\MySpace
2008-11-27 15:47 . 2008-11-27 15:47 <DIR> d-------- c:\documents and settings\User\Application Data\MySpace
2008-11-27 14:59 . 2008-12-01 13:12 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-26 11:06 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-11-26 11:06 . 2007-03-08 00:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-11-26 11:06 . 2007-03-08 00:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-11-26 00:25 . 2004-08-04 00:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-25 21:45 . 2008-11-25 21:45 <DIR> d---s---- c:\documents and settings\User\UserData
2008-11-25 18:12 . 2008-12-06 20:29 <DIR> d-------- c:\documents and settings\User\Application Data\LimeWire
2008-11-25 18:12 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-25 18:12 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-25 18:11 . 2008-12-03 12:36 <DIR> d-------- c:\program files\Java
2008-11-25 13:34 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-25 13:34 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-25 13:34 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-25 11:32 . 2008-12-06 18:03 <DIR> d-------- c:\program files\Total Video Converter
2008-11-25 10:40 . 2008-11-25 10:40 <DIR> d-------- c:\temp\Aspi 470
2008-11-25 10:40 . 2008-11-25 10:40 <DIR> d-------- C:\Temp
2008-11-25 10:40 . 1999-11-24 01:00 288,433 --a------ c:\temp\aspi32.exe
2008-11-25 10:40 . 2002-06-13 16:39 153,088 --a------ c:\temp\UNWISE.EXE
2008-11-25 10:40 . 1999-09-10 13:06 45,056 --a------ c:\windows\system32\wnaspi32.dll
2008-11-25 10:40 . 1999-09-10 13:06 25,244 --a------ c:\windows\system32\drivers\aspi32.sys
2008-11-25 10:40 . 1999-09-10 13:06 5,600 --a------ c:\windows\system\winaspi.dll
2008-11-25 10:40 . 1999-09-10 13:06 4,672 --a------ c:\windows\system\wowpost.exe
2008-11-25 01:18 . 2008-11-25 01:18 <DIR> d-------- c:\documents and settings\User\Application Data\Publish Providers
2008-11-25 01:15 . 2008-11-25 01:15 <DIR> d-------- c:\documents and settings\User\Application Data\Sony
2008-11-25 01:14 . 2008-11-25 01:14 <DIR> d-------- c:\program files\Sony
2008-11-25 01:13 . 2008-11-25 01:13 <DIR> d-------- c:\program files\Vstplugins
2008-11-25 00:59 . 2008-11-25 00:59 <DIR> d-------- c:\documents and settings\User\Application Data\Sony Setup
2008-11-24 22:58 . 2008-11-28 23:11 49 --a------ c:\windows\NeroDigital.ini
2008-11-24 22:57 . 2008-11-24 22:57 <DIR> d-------- c:\program files\Outsim
2008-11-24 22:57 . 2008-12-06 15:35 <DIR> d-------- c:\program files\Image-Line
2008-11-24 22:57 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2008-11-24 22:57 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
2008-11-24 22:56 . 2008-11-24 22:56 <DIR> d-------- c:\documents and settings\User\Application Data\ACD Systems
2008-11-24 22:53 . 2008-11-24 22:53 <DIR> d-------- c:\program files\Wisdom-soft ScreenHunter 5 Free
2008-11-24 22:27 . 2008-11-25 23:12 <DIR> d-------- c:\documents and settings\User\Contacts
2008-11-24 22:26 . 2008-11-24 22:26 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-24 22:21 . 2008-11-24 22:29 <DIR> d-------- c:\program files\Windows Live
2008-11-24 22:21 . 2008-11-24 22:26 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-24 22:21 . 2008-11-24 22:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-24 20:50 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-24 20:50 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-24 20:50 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-24 20:50 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-24 20:48 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-24 20:48 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-24 20:47 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-24 20:47 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-24 20:46 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-24 19:24 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-24 19:24 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-24 19:19 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-24 19:16 . 2008-11-24 19:16 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-24 19:14 . 2008-11-24 19:14 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-24 19:14 . 2008-11-24 19:15 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-24 19:13 . 2008-11-24 19:13 53,248 --a------ c:\windows\system32\suppdll.dll
2008-11-24 19:13 . 2008-11-24 19:13 35,363 --a------ c:\windows\system32\windrvNT.sys
2008-11-24 19:12 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-24 19:06 . 2008-12-07 16:16 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-24 19:06 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-11-24 17:41 . 2008-11-24 17:53 <DIR> d-------- c:\program files\LimeWire
2008-11-24 17:31 . 2008-11-24 17:31 <DIR> d-------- c:\program files\Opera
2008-11-24 16:47 . 2008-04-14 01:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-24 16:47 . 2008-04-13 19:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-24 16:47 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-24 16:47 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-11-24 16:46 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-24 16:46 . 2008-04-13 19:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-24 14:55 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-11-24 14:55 . 2008-11-24 14:55 376 --a------ c:\windows\ODBC.INI
2008-11-24 14:54 . 2008-11-24 14:54 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-24 14:54 . 2008-11-24 14:54 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-11-24 14:53 . 2008-11-24 14:54 <DIR> d-------- c:\windows\SHELLNEW
2008-11-24 14:36 . 2004-03-03 21:30 125,184 --a------ c:\windows\system32\drivers\imagesrv.sys
2008-11-24 14:36 . 2004-03-03 21:30 5,504 --a------ c:\windows\system32\drivers\imagedrv.sys
2008-11-24 14:36 . 2008-11-24 14:36 0 --a------ c:\windows\nsreg.dat
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-24 14:35 . 2008-12-08 20:07 <DIR> d-------- c:\program files\Common Files\ACD Systems
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\program files\Ahead
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\program files\ACD Systems
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-11-24 14:35 . 2001-07-06 14:41 569,344 --a------ c:\windows\system32\imagr5.dll
2008-11-24 14:35 . 2001-07-06 12:44 544,768 --a------ c:\windows\system32\imagx5.dll
2008-11-24 14:35 . 2001-07-06 18:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2008-11-24 14:35 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-11-24 14:35 . 2001-06-26 08:15 38,912 --a------ c:\windows\system32\picn20.dll
2008-11-24 14:35 . 2008-11-24 14:35 9,856 --a------ c:\windows\system32\drivers\pfc.sys
2008-11-24 14:34 . 2008-11-24 14:34 <DIR> d-------- c:\windows\Downloaded Installations
2008-11-24 12:11 . 2007-03-08 00:51 43,528 --------- c:\windows\system32\drivers\pxhelp20.sys
2008-11-24 12:10 . 2008-11-26 11:08 <DIR> d-------- c:\program files\Winamp
2008-11-24 12:10 . 2008-11-24 12:10 <DIR> d-------- c:\program files\CyberLink
2008-11-24 12:10 . 2008-11-24 12:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-11-24 12:10 . 2008-11-26 13:47 192 --a------ c:\windows\winamp.ini
2008-11-24 12:07 . 2008-11-25 11:32 <DIR> d-------- c:\program files\Mv2Player
2008-11-24 12:06 . 2008-12-08 15:30 <DIR> d-------- c:\program files\ffdshow

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 14:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 09:41 0 ----a-w c:\program files\Common Files\dht342126
2008-11-24 10:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-24 10:10 --------- d-----w c:\program files\Analog Devices
2008-11-24 09:53 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-16 7569408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-16 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Valve\\hl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Professional §©®ÎÞt v.4 Black\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=

R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2008-11-24 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-24 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-24 20560]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\jklokn.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81c55264-bef7-11dd-80ea-001d0fc39ae6}]
\Shell\AutoRun\command - f.bat
\Shell\explore\Command - f.bat
\Shell\open\Command - f.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2bc4e21-c527-11dd-810d-001d0fc39ae6}]
\SheLl\AutoPLaY\ComMAnd - G:\yficr.cmd
\SheLl\AutoRun\command - G:\yficr.cmd
\SheLl\explORe\CoMmAnD - G:\yficr.cmd
\SheLl\opeN\comMand - G:\yficr.cmd
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe


.
------- Supplementary Scan -------
.
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
IE: Compare Prices with &Dealio - c:\documents and settings\User\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\juj0ydtq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://speeddial/content/speeddial.xul
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-10 18:40:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 358 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-12-10 18:44:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 17:44:25

Pre-Run: 14,477,074,432 bytes free
Post-Run: 14,957,113,344 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

365 --- E O F --- 2008-12-08 20:38:23

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this will copy the scan results to the Clipboard.
Use the Paste option in Notepad to transfer them to text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message field on the forum and attach here the two files we just saved.

  • Tomislav Varagic
  • Joined: 06 May 2008
  • Posts: 124
  • Location: Pirot

Here you go Bobby, as agreed...

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text:

File::
c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll

Folder::
c:\documents and settings\User\Application Data\Dealio
c:\program files\Dealio

Driver::
abp470n5

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81c55264-bef7-11dd-80ea-001d0fc39ae6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2bc4e21-c527-11dd-810d-001d0fc39ae6}]



Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scan.

Also let us know how the computer is behaving now. Is it better or the same?
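An added example, not part of the original post and not ComboFix's own code: a small Python check that parses the CFScript above into its `File::`, `Folder::`, `Driver::` and `Registry::` sections and compares the file and folder targets with the "Other Deletions" section of the resulting log. The function names, the shortened log excerpt and the rule that only "Other Deletions" counts as confirmation are assumptions based on the layout seen in this thread.

```python
import re

# The CFScript text from the post above.
CFSCRIPT = r"""
File::
c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll

Folder::
c:\documents and settings\User\Application Data\Dealio
c:\program files\Dealio

Driver::
abp470n5

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81c55264-bef7-11dd-80ea-001d0fc39ae6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2bc4e21-c527-11dd-810d-001d0fc39ae6}]
"""

# Constructed, heavily shortened excerpt in the layout of the log that follows.
# Because it is shortened, a "not listed" result here says nothing about the real run.
LOG_EXCERPT = r"""
FILE ::
c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.

((((( Other Deletions )))))
.

c:\documents and settings\User\Application Data\Dealio
c:\documents and settings\User\Application Data\Dealio\kb127\res\alerts.gif
c:\program files\Dealio
c:\program files\Dealio\kb127\Dealio.dll
"""

KNOWN_SECTIONS = {"file", "folder", "driver", "registry"}  # only those used in this thread


def parse_cfscript(text):
    """Return {section: [entries]} for blocks headed 'Name::'; reject stray lines."""
    sections, current = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1).lower()
            if current not in KNOWN_SECTIONS:
                raise ValueError(f"line {n}: unexpected section {line!r}")
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line {n}: entry before any section header")
        else:
            sections[current].append(line)
    return sections


def registry_deletions(entries):
    """Extract keys written as [-HKEY_...]; the leading '-' marks key deletion, as in .reg files."""
    keys = []
    for entry in entries:
        m = re.fullmatch(r"\[-(HKEY_[A-Z_]+\\.+)\]", entry)
        if not m:
            raise ValueError(f"not a key-deletion entry: {entry!r}")
        keys.append(m.group(1))
    return keys


def deleted_paths(log):
    """Lower-cased paths listed under the 'Other Deletions' banner of the log."""
    paths, inside = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("((("):            # any banner line opens a new section
            inside = "other deletions" in line.lower()
        elif inside and re.match(r"[a-z]:\\", line, re.I):
            paths.add(line.lower())
    return paths


def verify(script_text, log_text):
    """Map each File::/Folder:: target to 'deleted' or 'not listed'."""
    script = parse_cfscript(script_text)
    gone = deleted_paths(log_text)
    targets = script.get("file", []) + script.get("folder", [])
    return {t: ("deleted" if t.lower() in gone else "not listed") for t in targets}


if __name__ == "__main__":
    for target, status in verify(CFSCRIPT, LOG_EXCERPT).items():
        print(f"{status:10} {target}")
    for key in registry_deletions(parse_cfscript(CFSCRIPT)["registry"]):
        print(f"{'reg delete':10} {key}")
```

A target echoed under `FILE ::` but reported as "not listed" is the one to look for further down the full log before closing the case.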

offline
  • Tomislav Varagic
  • Joined: 06 May 2008
  • Posts: 124
  • Location: Pirot

ComboFix 08-12-09.03 - User 2008-12-10 21:08:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.159 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\Dealio
c:\program files\Dealio
c:\program files\Dealio\kb127\rules\rules.1.471.73
c:\program files\Dealio\kb127\rules\rules.1.472.70
c:\program files\Dealio\kb127\rules\rules.1.478.74
c:\program files\Dealio\kb127\rules\rules.1.479.73
c:\program files\Dealio\kb127\rules\rules.1.480.68
c:\program files\Dealio\kb127\rules\rules.1.481.71
c:\program files\Dealio\kb127\rules\rules.1.482.74
c:\program files\Dealio\kb127\rules\rules.1.49.67
c:\program files\Dealio\kb127\rules\rules.1.50.43
c:\program files\Dealio\kb127\rules\rules.1.500.71
c:\program files\Dealio\kb127\rules\rules.1.501.74
c:\program files\Dealio\kb127\rules\rules.1.502.71
c:\program files\Dealio\kb127\rules\rules.1.51.69
c:\program files\Dealio\kb127\rules\rules.1.52.72
c:\program files\Dealio\kb127\rules\rules.1.520.76
c:\program files\Dealio\kb127\rules\rules.1.521.76
c:\program files\Dealio\kb127\rules\rules.1.522.76
c:\program files\Dealio\kb127\rules\rules.1.53.51
c:\program files\Dealio\kb127\rules\rules.1.531.76
c:\program files\Dealio\kb127\rules\rules.1.532.75
c:\program files\Dealio\kb127\rules\rules.1.534.75
c:\program files\Dealio\kb127\rules\rules.1.54.47
c:\program files\Dealio\kb127\rules\rules.1.55.45
c:\program files\Dealio\kb127\rules\rules.1.56.69
c:\program files\Dealio\kb127\rules\rules.1.57.43
c:\program files\Dealio\kb127\rules\rules.1.58.47
c:\program files\Dealio\kb127\rules\rules.1.593.76
c:\program files\Dealio\kb127\rules\rules.1.595.76
c:\program files\Dealio\kb127\rules\rules.1.63.57
c:\program files\Dealio\kb127\rules\rules.1.66.47
c:\program files\Dealio\kb127\rules\rules.1.70.75
c:\program files\Dealio\kb127\rules\rules.1.71.43
c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_abp470n5


((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-10 20:23 . 2008-12-10 20:23 250 --a------ c:\windows\gmer.ini
2008-12-10 18:25 . 2008-12-10 18:25 <DIR> d-------- c:\program files\Trend Micro
2008-12-08 10:59 . 2008-12-08 10:59 <DIR> d-------- c:\program files\Search Settings
2008-12-08 10:57 . 2008-12-08 10:57 <DIR> d-------- c:\program files\Free Video Converter
2008-12-07 18:34 . 2008-12-07 19:49 <DIR> d-------- c:\program files\mIRC
2008-12-07 18:34 . 2008-12-07 19:49 <DIR> d-------- c:\documents and settings\User\Application Data\mIRC
2008-12-07 16:59 . 2008-12-07 16:59 <DIR> d-------- c:\documents and settings\User\Application Data\Thinstall
2008-12-06 17:22 . 2008-12-06 17:22 <DIR> d-------- c:\program files\Fun Web Products
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\system32\scripting
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\system32\en
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\system32\bits
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\windows\l2schemas
2008-12-06 14:56 . 2008-12-06 15:00 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-05 21:03 . 2004-07-17 22:55 129,045 --------- c:\windows\system32\drivers\cxthsfs2.cty
2008-12-05 18:14 . 2008-12-05 18:14 <DIR> d-------- c:\documents and settings\User\Application Data\Leadertech
2008-12-05 18:05 . 2008-12-06 15:34 141 --a------ c:\windows\disney.ini
2008-12-05 18:04 . 2008-12-05 18:04 183 --a------ c:\windows\disneysy.ini
2008-12-04 17:24 . 2008-12-04 17:24 <DIR> d-------- c:\documents and settings\User\.thumbnails
2008-12-04 16:08 . 2008-12-10 11:43 <DIR> d-------- c:\program files\Professional §©®ÎÞt v.4 Black
2008-12-04 16:01 . 2008-12-04 16:01 <DIR> d-------- c:\windows\Sun
2008-12-03 23:18 . 2008-12-04 17:27 <DIR> d-------- c:\documents and settings\User\Application Data\gtk-2.0
2008-12-03 23:15 . 2008-12-04 17:28 <DIR> d-------- c:\documents and settings\User\.gimp-2.4
2008-12-03 22:52 . 2008-12-03 23:00 <DIR> d-------- C:\Travian
2008-12-01 13:13 . 2008-12-01 13:13 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-12-01 13:13 . 2008-12-01 13:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2008-11-29 00:52 . 2008-11-29 00:52 <DIR> d-------- c:\documents and settings\User\Application Data\AdobeUM
2008-11-28 15:10 . 2008-12-03 20:16 2,027,830 --a------ c:\windows\ACD Wallpaper.bmp
2008-11-27 21:39 . 2008-11-27 21:39 <DIR> d-------- c:\documents and settings\User\Application Data\Ahead
2008-11-27 15:47 . 2008-11-27 15:47 <DIR> d-------- c:\program files\MySpace
2008-11-27 15:47 . 2008-11-27 15:47 <DIR> d-------- c:\documents and settings\User\Application Data\MySpace
2008-11-27 14:59 . 2008-12-01 13:12 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-26 11:06 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-11-26 11:06 . 2007-03-08 00:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-11-26 11:06 . 2007-03-08 00:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-11-26 00:25 . 2004-08-04 00:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-25 21:45 . 2008-11-25 21:45 <DIR> d---s---- c:\documents and settings\User\UserData
2008-11-25 18:12 . 2008-12-06 20:29 <DIR> d-------- c:\documents and settings\User\Application Data\LimeWire
2008-11-25 18:12 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-25 18:12 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-25 18:11 . 2008-12-03 12:36 <DIR> d-------- c:\program files\Java
2008-11-25 13:34 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-25 13:34 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-25 13:34 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-25 11:32 . 2008-12-06 18:03 <DIR> d-------- c:\program files\Total Video Converter
2008-11-25 10:40 . 2008-11-25 10:40 <DIR> d-------- c:\temp\Aspi 470
2008-11-25 10:40 . 2008-11-25 10:40 <DIR> d-------- C:\Temp
2008-11-25 10:40 . 1999-11-24 01:00 288,433 --a------ c:\temp\aspi32.exe
2008-11-25 10:40 . 2002-06-13 16:39 153,088 --a------ c:\temp\UNWISE.EXE
2008-11-25 10:40 . 1999-09-10 13:06 45,056 --a------ c:\windows\system32\wnaspi32.dll
2008-11-25 10:40 . 1999-09-10 13:06 25,244 --a------ c:\windows\system32\drivers\aspi32.sys
2008-11-25 10:40 . 1999-09-10 13:06 5,600 --a------ c:\windows\system\winaspi.dll
2008-11-25 10:40 . 1999-09-10 13:06 4,672 --a------ c:\windows\system\wowpost.exe
2008-11-25 01:18 . 2008-11-25 01:18 <DIR> d-------- c:\documents and settings\User\Application Data\Publish Providers
2008-11-25 01:15 . 2008-11-25 01:15 <DIR> d-------- c:\documents and settings\User\Application Data\Sony
2008-11-25 01:14 . 2008-11-25 01:14 <DIR> d-------- c:\program files\Sony
2008-11-25 01:13 . 2008-11-25 01:13 <DIR> d-------- c:\program files\Vstplugins
2008-11-25 00:59 . 2008-11-25 00:59 <DIR> d-------- c:\documents and settings\User\Application Data\Sony Setup
2008-11-24 22:58 . 2008-11-28 23:11 49 --a------ c:\windows\NeroDigital.ini
2008-11-24 22:57 . 2008-11-24 22:57 <DIR> d-------- c:\program files\Outsim
2008-11-24 22:57 . 2008-12-06 15:35 <DIR> d-------- c:\program files\Image-Line
2008-11-24 22:57 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2008-11-24 22:57 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
2008-11-24 22:56 . 2008-11-24 22:56 <DIR> d-------- c:\documents and settings\User\Application Data\ACD Systems
2008-11-24 22:53 . 2008-11-24 22:53 <DIR> d-------- c:\program files\Wisdom-soft ScreenHunter 5 Free
2008-11-24 22:27 . 2008-11-25 23:12 <DIR> d-------- c:\documents and settings\User\Contacts
2008-11-24 22:26 . 2008-11-24 22:26 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-24 22:21 . 2008-11-24 22:29 <DIR> d-------- c:\program files\Windows Live
2008-11-24 22:21 . 2008-11-24 22:26 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-24 22:21 . 2008-11-24 22:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-24 20:50 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-24 20:50 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-24 20:50 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-24 20:50 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-24 20:48 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-24 20:48 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-24 20:47 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-24 20:47 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-24 20:46 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-24 19:24 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-24 19:24 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-24 19:19 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-24 19:16 . 2008-11-24 19:16 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-24 19:14 . 2008-11-24 19:14 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-24 19:14 . 2008-11-24 19:15 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-24 19:13 . 2008-11-24 19:13 53,248 --a------ c:\windows\system32\suppdll.dll
2008-11-24 19:13 . 2008-11-24 19:13 35,363 --a------ c:\windows\system32\windrvNT.sys
2008-11-24 19:12 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-24 19:06 . 2008-12-07 16:16 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-24 19:06 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-11-24 17:41 . 2008-11-24 17:53 <DIR> d-------- c:\program files\LimeWire
2008-11-24 17:31 . 2008-11-24 17:31 <DIR> d-------- c:\program files\Opera
2008-11-24 16:47 . 2008-04-14 01:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-24 16:47 . 2008-04-13 19:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-24 16:47 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-24 16:47 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-11-24 16:46 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-24 16:46 . 2008-04-13 19:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-24 14:55 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-11-24 14:55 . 2008-11-24 14:55 376 --a------ c:\windows\ODBC.INI
2008-11-24 14:54 . 2008-11-24 14:54 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-24 14:54 . 2008-11-24 14:54 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-11-24 14:53 . 2008-11-24 14:54 <DIR> d-------- c:\windows\SHELLNEW
2008-11-24 14:36 . 2004-03-03 21:30 125,184 --a------ c:\windows\system32\drivers\imagesrv.sys
2008-11-24 14:36 . 2004-03-03 21:30 5,504 --a------ c:\windows\system32\drivers\imagedrv.sys
2008-11-24 14:36 . 2008-11-24 14:36 0 --a------ c:\windows\nsreg.dat
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-24 14:35 . 2008-12-08 20:07 <DIR> d-------- c:\program files\Common Files\ACD Systems
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\program files\Ahead
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\program files\ACD Systems
2008-11-24 14:35 . 2008-11-24 14:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-11-24 14:35 . 2001-07-06 14:41 569,344 --a------ c:\windows\system32\imagr5.dll
2008-11-24 14:35 . 2001-07-06 12:44 544,768 --a------ c:\windows\system32\imagx5.dll
2008-11-24 14:35 . 2001-07-06 18:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2008-11-24 14:35 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-11-24 14:35 . 2001-06-26 08:15 38,912 --a------ c:\windows\system32\picn20.dll
2008-11-24 14:35 . 2008-11-24 14:35 9,856 --a------ c:\windows\system32\drivers\pfc.sys
2008-11-24 14:34 . 2008-11-24 14:34 <DIR> d-------- c:\windows\Downloaded Installations
2008-11-24 12:11 . 2007-03-08 00:51 43,528 --------- c:\windows\system32\drivers\pxhelp20.sys
2008-11-24 12:10 . 2008-11-26 11:08 <DIR> d-------- c:\program files\Winamp
2008-11-24 12:10 . 2008-11-24 12:10 <DIR> d-------- c:\program files\CyberLink
2008-11-24 12:10 . 2008-11-24 12:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2008-11-24 12:10 . 2008-11-26 13:47 192 --a------ c:\windows\winamp.ini
2008-11-24 12:07 . 2008-11-25 11:32 <DIR> d-------- c:\program files\Mv2Player
2008-11-24 12:06 . 2008-12-08 15:30 <DIR> d-------- c:\program files\ffdshow
2008-11-24 12:05 . 2008-11-24 12:05 <DIR> d-------- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 14:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 09:41 0 ----a-w c:\program files\Common Files\dht342126
2008-11-24 10:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-24 10:10 --------- d-----w c:\program files\Analog Devices
2008-11-24 09:53 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-10_18.42.20.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-10 19:23:57 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 20:13:02 811,008 ----a-r c:\windows\gmer.exe
+ 2008-12-10 19:23:57 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2008-12-10 20:15:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4c4.dat
+ 2008-12-10 20:15:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-16 7569408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-16 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Valve\\hl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Professional §©®ÎÞt v.4 Black\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=

R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2008-11-24 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-24 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-24 20560]
.
.
------- Supplementary Scan -------
.
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
IE: Compare Prices with &Dealio - c:\documents and settings\User\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\juj0ydtq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://speeddial/content/speeddial.xul
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-10 21:15:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 358 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-12-10 21:18:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 20:18:25
ComboFix2.txt 2008-12-10 17:44:32

Pre-Run: 14,926,770,176 bytes free
Post-Run: 14,916,378,624 bytes free

797 --- E O F --- 2008-12-08 20:38:23

Bobby, thank you, it's much better. Tell me, what was that with Mozilla? I don't use it. And all those files that were deleted, where are they from and what are they?

Addendum: 10 Dec 2008 21:30

And Task Manager works now, too.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I uninstalled two toolbars for you. One of them had also installed itself into Mozilla.
Besides that, I removed traces of a driver of suspicious origin.
Before that, ComboFix itself removed more toolbars and a few more pieces of malware.
We also removed the remnants of an infection that was transmitted via a USB stick (or some other USB device with memory).

Do you have a USB memory device (it can also be a mobile phone, MP3 player, etc.) that may be infected?

offline
  • Tomislav Varagic
  • Joined: 06 May 2008
  • Posts: 124
  • Location: Pirot

Yes, my flash drive. How do I clean it? Can Avast help?

Addendum: 11 Dec 2008 23:52

At work I have a closed network with the applications we work with. My colleague, who is also my business partner, is a programmer. On the main server we noticed a file "gy.exe" or something similar. It just can't be deleted. We installed an updated Nod 32 and it detected it as a Trojan virus. However, we don't dare start cleaning the network because of the very important data we have in the system. That is exactly why we have no Internet access on that network. Most likely my flash drive was infected from that computer. Give me some advice, I mean which AV program we can run while being sure that none of the data will be deleted. These are tables (Paradox) that are full of very important data. The application was built in a Windows environment with the Delphi 7 tool.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download the following program - http://amf.mycity.rs/personal/bobby/USB_blocker/usb_blocker.exe
- start it and choose the Auto block option
- insert the USB stick into the computer and wait a few seconds (say 5-10 seconds)
- the program has now analyzed the stick (this is visible in the lower part of the program, in the log)
- at the top left, double-click the letter that denotes the partition, i.e. your USB stick
- a message will appear at the bottom, next to the clock, saying that you may remove the USB stick from the computer
- do not close the program; instead insert the next USB stick and wait a few seconds for it as well, and so on for all sticks, MP3 players, the mobile phone
- remember the order in which the sticks were inserted

When you have finished all that, the log in the lower part of the program will contain all the data I need to see which stick is infected.
Right-click the log/report and choose Save log.
Notepad will open automatically with the report in it.
Copy that report for me here on the forum.
