Komp zwolnił, Avast wykrył Win32:Rjump [Wrm]

Pabblo-83 · 4 Grudzień 2007 18:26

hej

komputer zaczął zwalniac, Avast wykrył Win32:Rjump [Wrm] w pliku adober.exe na c:\windows, przeniosłem plik do kwarantanny, skan Avastem podczas rozruchu nic nie wykrył, proszę o sprawdzenie logu z hijackthis:

Logfile of HijackThis v1.99.1 Scan saved at 19:17:31, on 2007-12-04 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Tlen.pl\tlen.exe C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe C:\Documents and Settings\user\Moje dokumenty\Logi i programy antywirusowe\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tlen.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 “EPSON Stylus C66 Series” /O6 “USB001” /M “Stylus C66” O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [HorngTech4D] C:\PROGRA~1\MOUSES~1\bally4d.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU…\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU…\Run: [MagicSpeedBooster] C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

z góry dziękuję

pozdrawiam

Paweł

EDIT:

log z ComboFix:

ComboFix 07-12-02.7 - user 2007-12-04 19:50:11.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.274 [GMT 1:00] Running from: C:\Documents and Settings\user\Moje dokumenty\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\user\ravmonlog . ((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))) . 2007-12-04 18:18 . 2007-12-03 18:31 3,514,318 --------- C:\WINDOWS\trz8.tmp 2007-11-24 09:34 . 2007-11-26 12:08 175 --a------ C:\WINDOWS\system32\MInfoCfg.ini 2007-11-24 09:33 . 2007-11-24 09:33 2007-11-24 09:33 . 2002-08-07 13:48 94,208 --a------ C:\WINDOWS\system32\B4DCPL.cpl 2007-11-24 09:33 . 2001-05-10 14:42 6,144 --a------ C:\WINDOWS\system32\drivers\Ms2KFlt.sys 2007-11-24 09:33 . 2003-04-12 20:52 5,908 --a------ C:\WINDOWS\system32\drivers\MsW2kFlt.inf 2007-11-17 18:47 . 2007-11-17 18:47 2007-11-17 18:47 . 2007-11-17 18:47 2007-11-14 13:14 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 18:42 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Skype 2007-12-04 18:12 --------- d-----w C:\Program Files\Symantec 2007-12-04 18:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-12-04 18:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec 2007-12-03 20:44 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Tlen.pl 2007-11-26 16:14 --------- d-----w C:\Program Files\Java 2007-11-24 08:33 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-28 18:32 --------- d-----w C:\Program Files\GK3neu 2007-10-25 18:41 --------- d-----w C:\Program Files\Edgard Multimedia 2007-10-25 16:44 8,488,960 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-02 19:07 274,432 ----a-w C:\WINDOWS\system32\IscDbc.dll 2007-10-02 19:07 262,144 ----a-w C:\WINDOWS\system32\OdbcJdbcMT.dll 2007-10-02 19:07 253,952 ----a-w C:\WINDOWS\system32\OdbcJdbc.dll 2007-10-02 19:07 155,648 ----a-w C:\WINDOWS\system32\OdbcJdbcSetup.dll 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2005-12-25 12:59 0 ----a-w C:\Documents and Settings\user\Dane aplikacji\wklnhst.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 13:00] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 17:24] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-12-18 17:32] “Komunikator”=“C:\Program Files\Tlen.pl\tlen.exe” [2007-02-12 11:01] “updateMgr”=“C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” [2006-03-30 15:45] “MagicSpeedBooster”=“C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe” [2007-04-10 15:42] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “IgfxTray”=“C:\WINDOWS\system32\igfxtray.exe” [2005-02-08 09:36] “HotKeysCmds”=“C:\WINDOWS\system32\hkcmd.exe” [2005-02-08 09:32] “GhostStartTrayApp”=“C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe” [2002-08-14 14:21] “SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2004-11-10 09:58] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2004-11-10 09:58] “IAAnotif”=“C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe” [2005-03-09 09:29] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 09:50] “EPSON Stylus C66 Series”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.exe” [2003-11-26 08:00] “Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” [2005-06-06 23:46] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06] “HorngTech4D”=“C:\PROGRA~1\MOUSES~1\bally4d.exe” [2002-07-31 10:37] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 13:00] R1 GhPciScan;GhostPciScanner;??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys R1 SSHDRV86;SSHDRV86;??\C:\WINDOWS\system32\drivers\SSHDRV86.sys S3 MouseCmn;Mouse Driver;C:\WINDOWS\system32\DRIVERS\Ms2KFlt.sys . Contents of the ‘Scheduled Tasks’ folder “2007-12-04 17:24:53 C:\WINDOWS\Tasks\Symantec NetDetect.job” - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-04 19:51:39 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … ************************************************************************** . Completion time: 2007-12-04 19:52:53 C:\ComboFix2.txt … 2007-11-14 21:14 . — E O F —

Gutek · 4 Grudzień 2007 21:00

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Pabblo-83 · 4 Grudzień 2007 21:49

pierwszy log z combofixa (przed restartem)

ComboFix 07-12-02.7 - user 2007-12-04 22:36:11.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.260 [GMT 1:00] Running from: C:\Documents and Settings\user\Moje dokumenty\Logi i programy antywirusowe\ComboFix.exe Command switches used :: C:\Documents and Settings\user\Moje dokumenty\Logi i programy antywirusowe\CFScript.txt * Created a new restore point FILE C:\Documents and Settings\user\Dane aplikacji\wklnhst.dat C:\WINDOWS\trz8.tmp . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\user\Dane aplikacji\wklnhst.dat C:\WINDOWS\trz8.tmp . ((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))) . 2007-11-24 09:34 . 2007-11-26 12:08 175 --a------ C:\WINDOWS\system32\MInfoCfg.ini 2007-11-24 09:33 . 2007-11-24 09:33 2007-11-24 09:33 . 2002-08-07 13:48 94,208 --a------ C:\WINDOWS\system32\B4DCPL.cpl 2007-11-24 09:33 . 2001-05-10 14:42 6,144 --a------ C:\WINDOWS\system32\drivers\Ms2KFlt.sys 2007-11-24 09:33 . 2003-04-12 20:52 5,908 --a------ C:\WINDOWS\system32\drivers\MsW2kFlt.inf 2007-11-17 18:47 . 2007-11-17 18:47 2007-11-17 18:47 . 2007-11-17 18:47 2007-11-14 13:14 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 21:27 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Skype 2007-12-04 18:12 --------- d-----w C:\Program Files\Symantec 2007-12-04 18:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-12-04 18:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec 2007-12-03 20:44 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Tlen.pl 2007-11-26 16:14 --------- d-----w C:\Program Files\Java 2007-11-24 08:33 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-28 18:32 --------- d-----w C:\Program Files\GK3neu 2007-10-25 18:41 --------- d-----w C:\Program Files\Edgard Multimedia 2007-10-25 16:44 8,488,960 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-02 19:07 274,432 ----a-w C:\WINDOWS\system32\IscDbc.dll 2007-10-02 19:07 262,144 ----a-w C:\WINDOWS\system32\OdbcJdbcMT.dll 2007-10-02 19:07 253,952 ----a-w C:\WINDOWS\system32\OdbcJdbc.dll 2007-10-02 19:07 155,648 ----a-w C:\WINDOWS\system32\OdbcJdbcSetup.dll 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr . ((((((((((((((((((((((((((((( snapshot@2007-12-04_19.51.44,10 ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-04 18:13:47 53,634 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-12-04 19:02:34 53,634 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-12-04 18:13:47 68,022 ----a-w C:\WINDOWS\system32\perfc015.dat + 2007-12-04 19:02:34 68,022 ----a-w C:\WINDOWS\system32\perfc015.dat - 2007-12-04 18:13:47 381,890 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-12-04 19:02:34 381,890 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-12-04 18:13:47 437,712 ----a-w C:\WINDOWS\system32\perfh015.dat + 2007-12-04 19:02:34 437,712 ----a-w C:\WINDOWS\system32\perfh015.dat + 2007-12-04 18:58:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_b0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 13:00] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 17:24] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-12-18 17:32] “Komunikator”=“C:\Program Files\Tlen.pl\tlen.exe” [2007-02-12 11:01] “updateMgr”=“C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” [2006-03-30 15:45] “MagicSpeedBooster”=“C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe” [2007-04-10 15:42] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “IgfxTray”=“C:\WINDOWS\system32\igfxtray.exe” [2005-02-08 09:36] “HotKeysCmds”=“C:\WINDOWS\system32\hkcmd.exe” [2005-02-08 09:32] “GhostStartTrayApp”=“C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe” [2002-08-14 14:21] “SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2004-11-10 09:58] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2004-11-10 09:58] “IAAnotif”=“C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe” [2005-03-09 09:29] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 09:50] “EPSON Stylus C66 Series”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.exe” [2003-11-26 08:00] “Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” [2005-06-06 23:46] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06] “HorngTech4D”=“C:\PROGRA~1\MOUSES~1\bally4d.exe” [2002-07-31 10:37] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 13:00] R1 GhPciScan;GhostPciScanner;??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys R1 SSHDRV86;SSHDRV86;??\C:\WINDOWS\system32\drivers\SSHDRV86.sys S3 MouseCmn;Mouse Driver;C:\WINDOWS\system32\DRIVERS\Ms2KFlt.sys . Contents of the ‘Scheduled Tasks’ folder “2007-12-04 21:24:14 C:\WINDOWS\Tasks\Symantec NetDetect.job” - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-04 22:37:40 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-04 22:38:28 C:\ComboFix2.txt … 2007-12-04 19:52 C:\ComboFix3.txt … 2007-11-14 21:14 . — E O F —

w trakcie pracy combofixa krótko mignął komunikat o odmowie dostępu do C:\WINDOWS\trz8.tmp , nie wiem czy to coś zmienia

i drugi, po restarcie i usunięciu C:\Qoobox

ComboFix 07-12-02.7 - user 2007-12-04 22:46:01.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.230 [GMT 1:00] Running from: C:\Documents and Settings\user\Moje dokumenty\Logi i programy antywirusowe\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))) . 2007-11-24 09:34 . 2007-11-26 12:08 175 --a------ C:\WINDOWS\system32\MInfoCfg.ini 2007-11-24 09:33 . 2007-11-24 09:33 2007-11-24 09:33 . 2002-08-07 13:48 94,208 --a------ C:\WINDOWS\system32\B4DCPL.cpl 2007-11-24 09:33 . 2001-05-10 14:42 6,144 --a------ C:\WINDOWS\system32\drivers\Ms2KFlt.sys 2007-11-24 09:33 . 2003-04-12 20:52 5,908 --a------ C:\WINDOWS\system32\drivers\MsW2kFlt.inf 2007-11-17 18:47 . 2007-11-17 18:47 2007-11-17 18:47 . 2007-11-17 18:47 2007-11-14 13:14 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 21:45 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Skype 2007-12-04 18:12 --------- d-----w C:\Program Files\Symantec 2007-12-04 18:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-12-04 18:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec 2007-12-03 20:44 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Tlen.pl 2007-11-26 16:14 --------- d-----w C:\Program Files\Java 2007-11-24 08:33 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-28 18:32 --------- d-----w C:\Program Files\GK3neu 2007-10-25 18:41 --------- d-----w C:\Program Files\Edgard Multimedia 2007-10-25 16:44 8,488,960 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-02 19:07 274,432 ----a-w C:\WINDOWS\system32\IscDbc.dll 2007-10-02 19:07 262,144 ----a-w C:\WINDOWS\system32\OdbcJdbcMT.dll 2007-10-02 19:07 253,952 ----a-w C:\WINDOWS\system32\OdbcJdbc.dll 2007-10-02 19:07 155,648 ----a-w C:\WINDOWS\system32\OdbcJdbcSetup.dll 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 13:00] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 17:24] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-12-18 17:32] “Komunikator”=“C:\Program Files\Tlen.pl\tlen.exe” [2007-02-12 11:01] “updateMgr”=“C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” [2006-03-30 15:45] “MagicSpeedBooster”=“C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe” [2007-04-10 15:42] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “IgfxTray”=“C:\WINDOWS\system32\igfxtray.exe” [2005-02-08 09:36] “HotKeysCmds”=“C:\WINDOWS\system32\hkcmd.exe” [2005-02-08 09:32] “GhostStartTrayApp”=“C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe” [2002-08-14 14:21] “SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2004-11-10 09:58] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2004-11-10 09:58] “IAAnotif”=“C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe” [2005-03-09 09:29] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 09:50] “EPSON Stylus C66 Series”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.exe” [2003-11-26 08:00] “Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” [2005-06-06 23:46] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06] “HorngTech4D”=“C:\PROGRA~1\MOUSES~1\bally4d.exe” [2002-07-31 10:37] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 13:00] R1 GhPciScan;GhostPciScanner;??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys R1 SSHDRV86;SSHDRV86;??\C:\WINDOWS\system32\drivers\SSHDRV86.sys S3 MouseCmn;Mouse Driver;C:\WINDOWS\system32\DRIVERS\Ms2KFlt.sys . Contents of the ‘Scheduled Tasks’ folder “2007-12-04 21:24:14 C:\WINDOWS\Tasks\Symantec NetDetect.job” - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-04 22:48:15 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-04 22:48:59 C:\ComboFix2.txt … 2007-12-04 22:38 C:\ComboFix3.txt … 2007-12-04 19:52 . — E O F —

jedną rzecz spaprałem , zagapiłem się i mimo wyraźnej instrukcji C:\qoobox usunąłem przed restartem, mam nadzieję że cała procedura nie stała się przez to bezsensowna.

pozdrawiam

Paweł

Gutek · 5 Grudzień 2007 13:03

Powinno być Ok, ale jeszcze:

Pobierz program SDFix

Pabblo-83 · 5 Grudzień 2007 17:07

hej

oto Report.txt :

SDFix: Version 1.117 Run by user on 2007-12-05 at 18:06 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-05 18:10:28 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden services & system hive … scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 2 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “C:\Program Files\Tlen.pl\tlen.exe”=“C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl” “C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free.” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: Sat 19 Aug 2006 1,445,888 A.SH. — “C:\Documents and Settings\user\Moje dokumenty\zdj©cia\101_PANA\SIV2.tmp” Sat 19 Aug 2006 397,312 A.SH. — “C:\Documents and Settings\user\Moje dokumenty\zdj©cia\101_PANA\SIV3.tmp” Wed 14 Aug 2002 65,088 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM” Wed 14 Aug 2002 12,732 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM” Wed 14 Aug 2002 26,424 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM” Wed 14 Aug 2002 28,062 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM” Wed 14 Aug 2002 10,710 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM” Wed 14 Aug 2002 10,083 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM” Wed 14 Aug 2002 10,257 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM” Wed 14 Aug 2002 29,499 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM” Wed 14 Aug 2002 12,660 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM” Wed 14 Aug 2002 11,031 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM” Wed 14 Aug 2002 17,952 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM” Wed 14 Aug 2002 9,424 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM” Wed 14 Aug 2002 7,825 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM” Wed 14 Aug 2002 13,673 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM” Wed 14 Aug 2002 14,438 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM” Wed 14 Aug 2002 7,825 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM” Wed 14 Aug 2002 7,825 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM” Wed 14 Aug 2002 7,825 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM” Wed 14 Aug 2002 7,243 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM” Wed 14 Aug 2002 24,767 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM” Wed 14 Aug 2002 7,463 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM” Wed 14 Aug 2002 7,825 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM” Wed 14 Aug 2002 10,286 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM” Wed 14 Aug 2002 25,460 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM” Wed 14 Aug 2002 28,866 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM” Wed 14 Aug 2002 14,438 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM” Wed 14 Aug 2002 8,544 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys” Wed 14 Aug 2002 33,149 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys” Wed 28 May 2003 51,150 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI1394.SYS” Wed 14 Aug 2002 35,340 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI2DOS.SYS” Wed 14 Aug 2002 14,378 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI4DOS.SYS” Wed 14 Aug 2002 37,984 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI8DOS.SYS” Wed 14 Aug 2002 44,828 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI8U2.SYS” Wed 14 Aug 2002 29,628 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPICD.SYS” Wed 28 May 2003 52,106 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPIEHCI.SYS” Wed 14 Aug 2002 49,242 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPIOHCI.SYS” Wed 14 Aug 2002 50,606 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPIUHCI.SYS” Wed 14 Aug 2002 161,792 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\BOOTSRV.SYS” Wed 14 Aug 2002 174,080 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\bootsrv16.sys” Wed 14 Aug 2002 21,971 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\BTCDROM.SYS” Wed 14 Aug 2002 30,955 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\BTDOSM.SYS” Wed 14 Aug 2002 202,517 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\CMDS.EXE” Wed 14 Aug 2002 374,038 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\CMDS16.EXE” Wed 14 Aug 2002 22,158 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\COUNTRY.SYS” Wed 14 Aug 2002 1,608 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\DEVICE.COM” Wed 14 Aug 2002 15,345 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\DISPLAY.SYS” Wed 14 Aug 2002 7,840 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\DLSHELP.SYS” Wed 14 Aug 2002 56,821 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\E.EXE” Wed 14 Aug 2002 64,425 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\FLASHPT.SYS” Wed 14 Aug 2002 32,396 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\GUEST.EXE” Wed 14 Aug 2002 14,160 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\HIMEM.SYS” Wed 14 Aug 2002 10,898 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\KEYB.COM” Wed 14 Aug 2002 53,556 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\KEYBOARD.SYS” Wed 14 Aug 2002 15,777 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\MODE.COM” Wed 14 Aug 2002 37,681 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\MOUSE.COM” Wed 14 Aug 2002 354,304 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\msbootsrv16.sys” Wed 14 Aug 2002 21,180 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\MSCDEX.EXE” Wed 14 Aug 2002 354,263 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\Net.exe” Wed 14 Aug 2002 8,513 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\NETBIND.COM” Wed 14 Aug 2002 41,302 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\OAKCDROM.SYS” Wed 14 Aug 2002 129,240 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\OHCI.EXE” Wed 14 Aug 2002 28,439 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\Paralink.com” Wed 14 Aug 2002 13,770 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\PROTMAN.EXE” Wed 14 Aug 2002 130,980 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\UHCI.EXE” Wed 14 Aug 2002 11,854 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM” Wed 14 Aug 2002 52,715 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM” Wed 14 Aug 2002 62,391 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM” Wed 14 Aug 2002 11,491 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com” Wed 14 Aug 2002 17,791 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com” Wed 14 Aug 2002 17,043 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com” Wed 14 Aug 2002 11,786 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com” Wed 14 Aug 2002 18,300 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com” Wed 14 Aug 2002 48,224 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com” Wed 14 Aug 2002 13,360 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com” Wed 14 Aug 2002 9,190 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com” Wed 14 Aug 2002 12,567 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com” Wed 14 Aug 2002 44,640 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM” Wed 14 Aug 2002 56,896 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com” Wed 14 Aug 2002 44,640 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com” Wed 14 Aug 2002 9,692 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com” Wed 14 Aug 2002 9,537 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM” Wed 14 Aug 2002 32,484 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com” Wed 14 Aug 2002 52,225 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe” Wed 14 Aug 2002 48,491 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe” Wed 14 Aug 2002 50,405 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com” Wed 14 Aug 2002 33,860 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe” Wed 14 Aug 2002 50,175 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe” Wed 14 Aug 2002 50,795 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe” Wed 14 Aug 2002 48,223 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com” Wed 14 Aug 2002 48,641 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe” Wed 14 Aug 2002 49,015 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com” Wed 14 Aug 2002 53,786 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\pcdos\command.com” Wed 14 Aug 2002 44,240 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM” Wed 14 Aug 2002 42,550 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM” Finished!

Gutek · 5 Grudzień 2007 21:07

No nic nie widzę

Pabblo-83 · 5 Grudzień 2007 21:10

dziękuję za pomoc

pozdrawiam

Paweł