offline
- Pridružio: 02 Okt 2007
- Poruke: 50
|
Zdravo evo uradila sam to sta sam trebala, mislim da sam uradila pravilno
Logfile of HijackThis v1.99.1
Scan saved at 15:29:51, on 06.11.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\HPDESK\HPPDDIR.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\dllcache\msfav32.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\SmartSoft\Asistent\Asistent.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Natasa\Desktop\adi\tr3.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = banka.com.mk/
O2 - BHO: (no name) - {B3E45965-BCE5-4892-9781-E1D144C86727} - C:\WINDOWS\System32\pmkjg.dll
O2 - BHO: {7eacddd4-0c58-914b-4cb4-d3628051098c} - {c8901508-263d-4bc4-b419-85c04dddcae7} - C:\WINDOWS\System32\qmewlbga.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [6400ab9b] rundll32.exe "C:\WINDOWS\System32\xdfxugdf.dll",b
O4 - HKLM\..\RunServices: [Windows haz Layer] esbxw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Document Assistant.lnk = C:\HPDESK\HPPDDIR.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\lotus\organize\bandobjs.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F9463571-87CB-4A90-A1AC-2284B7F5AF4E} (Persits Software XEncrypt) - banka.com.mk/Ctrls/Ctrls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{095B9FDB-FA52-4163-9AD1-E3300B448964}: NameServer = 217.16.69.3,217.16.69.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2B7054A-1547-4D46-BE19-FC6B5DC22192}: NameServer = 85.30.126.1 217.16.68.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{095B9FDB-FA52-4163-9AD1-E3300B448964}: NameServer = 217.16.69.3,217.16.69.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{095B9FDB-FA52-4163-9AD1-E3300B448964}: NameServer = 217.16.69.3,217.16.69.2
O20 - Winlogon Notify: byxyxyw - C:\WINDOWS\SYSTEM32\byxyxyw.dll
O20 - Winlogon Notify: cbxvtrs - C:\WINDOWS\SYSTEM32\cbxvtrs.dll
O20 - Winlogon Notify: cbxyayy - C:\WINDOWS\SYSTEM32\cbxyayy.dll
O20 - Winlogon Notify: efcaaxw - C:\WINDOWS\SYSTEM32\efcaaxw.dll
O20 - Winlogon Notify: efcccdd - C:\WINDOWS\SYSTEM32\efcccdd.dll
O20 - Winlogon Notify: gebcddd - C:\WINDOWS\SYSTEM32\gebcddd.dll
O20 - Winlogon Notify: gebxvwx - C:\WINDOWS\SYSTEM32\gebxvwx.dll
O20 - Winlogon Notify: jkkijhg - C:\WINDOWS\SYSTEM32\jkkijhg.dll
O20 - Winlogon Notify: khfgecy - C:\WINDOWS\SYSTEM32\khfgecy.dll
O20 - Winlogon Notify: ljjifde - C:\WINDOWS\SYSTEM32\ljjifde.dll
O20 - Winlogon Notify: mljhhii - C:\WINDOWS\SYSTEM32\mljhhii.dll
O20 - Winlogon Notify: mljighh - C:\WINDOWS\SYSTEM32\mljighh.dll
O20 - Winlogon Notify: opnnmjk - C:\WINDOWS\SYSTEM32\opnnmjk.dll
O20 - Winlogon Notify: opnomkk - C:\WINDOWS\SYSTEM32\opnomkk.dll
O20 - Winlogon Notify: pmnmkjj - C:\WINDOWS\SYSTEM32\pmnmkjj.dll
O20 - Winlogon Notify: qommkih - C:\WINDOWS\SYSTEM32\qommkih.dll
O20 - Winlogon Notify: rqrstss - C:\WINDOWS\SYSTEM32\rqrstss.dll
O20 - Winlogon Notify: urqnnnl - C:\WINDOWS\SYSTEM32\urqnnnl.dll
O20 - Winlogon Notify: wvutuuu - C:\WINDOWS\SYSTEM32\wvutuuu.dll
O20 - Winlogon Notify: wvuuvvw - C:\WINDOWS\SYSTEM32\wvuuvvw.dll
O20 - Winlogon Notify: wvuvuut - C:\WINDOWS\SYSTEM32\wvuvuut.dll
O20 - Winlogon Notify: yayawwv - C:\WINDOWS\SYSTEM32\yayawwv.dll
O20 - Winlogon Notify: yayxvwt - C:\WINDOWS\SYSTEM32\yayxvwt.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: u1v4r1 - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Windows Internet Connection Sharing Service (Windows Internet Connection Sharing) - Unknown owner - C:\WINDOWS\system32\dllcache\msfav32.exe
Vundo fix
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtstqn.dll
C:\WINDOWS\system32\awtstqn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtuvtu.dll
C:\WINDOWS\system32\awtuvtu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxusqn.dll
C:\WINDOWS\system32\byxusqn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxwtqq.dll
C:\WINDOWS\system32\byxwtqq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxwwvu.dll
C:\WINDOWS\system32\byxwwvu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxxxuu.dll
C:\WINDOWS\system32\cbxxxuu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcdbxw.dll
C:\WINDOWS\system32\ddcdbxw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcywvu.dll
C:\WINDOWS\system32\ddcywvu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcayxw.dll
C:\WINDOWS\system32\efcayxw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcywur.dll
C:\WINDOWS\system32\efcywur.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fccbaxv.dll
C:\WINDOWS\system32\fccbaxv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fccbywt.dll
C:\WINDOWS\system32\fccbywt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fccdccc.dll
C:\WINDOWS\system32\fccdccc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fccywus.dll
C:\WINDOWS\system32\fccywus.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebxvwu.dll
C:\WINDOWS\system32\gebxvwu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebxxyx.dll
C:\WINDOWS\system32\gebxxyx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hggfedd.dll
C:\WINDOWS\system32\hggfedd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hggghgg.dll
C:\WINDOWS\system32\hggghgg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfcdbc.dll
C:\WINDOWS\system32\khfcdbc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjgeda.dll
C:\WINDOWS\system32\ljjgeda.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjheef.dll
C:\WINDOWS\system32\ljjheef.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjihhg.dll
C:\WINDOWS\system32\ljjihhg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjjgg.dll
C:\WINDOWS\system32\mljjjgg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnkklm.dll
C:\WINDOWS\system32\nnnkklm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnnnli.dll
C:\WINDOWS\system32\nnnnnli.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnllkh.dll
C:\WINDOWS\system32\opnllkh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnmnkl.dll
C:\WINDOWS\system32\opnmnkl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomjjkl.dll
C:\WINDOWS\system32\qomjjkl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomlihg.dll
C:\WINDOWS\system32\qomlihg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomlmnm.dll
C:\WINDOWS\system32\qomlmnm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qommlmj.dll
C:\WINDOWS\system32\qommlmj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvvsqn.dll
C:\WINDOWS\system32\tuvvsqn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqpoml.dll
C:\WINDOWS\system32\urqpoml.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqppmk.dll
C:\WINDOWS\system32\urqppmk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqpqpm.dll
C:\WINDOWS\system32\urqpqpm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvuurqn.dll
C:\WINDOWS\system32\wvuurqn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvuvstt.dll
C:\WINDOWS\system32\wvuvstt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxyxwtr.dll
C:\WINDOWS\system32\xxyxwtr.dll Has been deleted!
Performing Repairs to the registry.
Done!
SmitFraudFix v2.250
Scan done at 15:10:34,87, 06.11.2007
Run from C:\Documents and Settings\Natasa\Desktop\adi\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 downloads5.kaspersky-labs.com
127.0.0.1 vncsvr.com
127.0.0.1 secdreg.org
127.0.0.1 virusscan.jotti.org
127.0.0.1 www.jotti.org
127.0.0.1 cdn.atwola.com
127.0.0.1 www.atwola.com
127.0.0.1 www.fastclick.net
127.0.0.1 www.avsystemcare.com
127.0.0.1 calc.avsystemcare.com
127.0.0.1 avsystemcare.com
127.0.0.1 content.onerateld.com
127.0.0.1 www.onerateld.com
127.0.0.1 protect.trustedantivirus.com
127.0.0.1 www.trustedantivirus.com
127.0.0.1 iwantsearch.net
127.0.0.1 www.iwantsearch.net
127.0.0.1 mediacount.net
127.0.0.1 www.mediacount.net
127.0.0.1 bin.errorprotector.com
127.0.0.1 www.errorprotector.com
127.0.0.1 br.errorsafe.com
127.0.0.1 www.errorsafe.com
127.0.0.1 br.winantivirus.com
127.0.0.1 www.winantivirus.com
127.0.0.1 br.winfixer.com
127.0.0.1 www.winfixer.com
127.0.0.1 cdn.drivecleaner.com
127.0.0.1 www.drivecleaner.com
127.0.0.1 cdn.errorsafe.com
127.0.0.1 www.errorsafe.com
127.0.0.1 cdn.winsoftware.com
127.0.0.1 www.winsoftware.com
127.0.0.1 de.errorsafe.com
127.0.0.1 www.errorsafe.com
127.0.0.1 de.winantivirus.com
127.0.0.1 www.winantivirus.com
127.0.0.1 download.cdn.drivecleaner.com
127.0.0.1 download.cdn.errorsafe.com
127.0.0.1 download.cdn.winsoftware.com
127.0.0.1 download.errorsafe.com
127.0.0.1 download.systemdoctor.com
127.0.0.1 download.winantispyware.com
127.0.0.1 download.windrivecleaner.com
127.0.0.1 download.winfixer.com
127.0.0.1 drivecleaner.com
127.0.0.1 dynamique.drivecleaner.com
127.0.0.1 errorprotector.com
127.0.0.1 errorsafe.com
127.0.0.1 es.winantivirus.com
127.0.0.1 fr.winantivirus.com
127.0.0.1 fr.winfixer.com
127.0.0.1 go.drivecleaner.com
127.0.0.1 go.errorsafe.com
127.0.0.1 go.winantispyware.com
127.0.0.1 go.winantivirus.com
127.0.0.1 hk.winantivirus.com
127.0.0.1 instlog.errorsafe.com
127.0.0.1 instlog.winantivirus.com
127.0.0.1 instlog.winfixer.com
127.0.0.1 jsp.drivecleaner.com
127.0.0.1 kb.errorsafe.com
127.0.0.1 kb.winantivirus.com
127.0.0.1 nl.errorsafe.com
127.0.0.1 se.errorsafe.com
127.0.0.1 secure.drivecleaner.com
127.0.0.1 secure.errorsafe.com
127.0.0.1 secure.winantispam.com
127.0.0.1 secure.winantispy.com
127.0.0.1 secure.winantivirus.com
127.0.0.1 support.winantivirus.com
127.0.0.1 trial.updates.winsoftware.com
127.0.0.1 ulog.winantivirus.com
127.0.0.1 utils.errorsafe.com
127.0.0.1 utils.winantivirus.com
127.0.0.1 utils.winfixer.com
127.0.0.1 winantispyware.com
127.0.0.1 winantivirus.com
127.0.0.1 winfixer.com
127.0.0.1 winfixer2006.com
127.0.0.1 winsoftware.com
127.0.0.1 www.drivecleaner.com
127.0.0.1 www.errorprotector.com
127.0.0.1 www.errorsafe.com
127.0.0.1 www.systemdoctor.com
127.0.0.1 www.utils.winfixer.com
127.0.0.1 www.win-anti-virus-pro.com
127.0.0.1 www.win-virus-pro.com
127.0.0.1 www.winantispam.com
127.0.0.1 www.winantispy.com
127.0.0.1 www.winantispyware.com
127.0.0.1 www.winantivirus.com
127.0.0.1 www.winantiviruspro.com
127.0.0.1 www.windrivecleaner.com
127.0.0.1 www.windrivesafe.com
127.0.0.1 www.winfixer.com
127.0.0.1 www.winfixer2006.com
127.0.0.1 www.winsoftware.com
127.0.0.1 www.usagc.org
127.0.0.1 www.prospywareremover.com
127.0.0.1 prospywareremover.com
127.0.0.1 www.noadware.com--e.com
127.0.0.1 noadware.com--e.com
127.0.0.1 www.wwwadawear.com
127.0.0.1 wwwadawear.com
127.0.0.1 www.free-spyware-scan.org
127.0.0.1 free-spyware-scan.org
127.0.0.1 www.spybotfinder.com
127.0.0.1 spybotfinder.com
127.0.0.1 www.the-spyware-zone.com
127.0.0.1 the-spyware-zone.com
127.0.0.1 www.digitalreservoir.com
127.0.0.1 digitalreservoir.com
127.0.0.1 www.free-spyware.net
127.0.0.1 free-spyware.net
127.0.0.1 www.spyware-control.com
127.0.0.1 spyware-control.com
127.0.0.1 www.computerspywarecheck.com
127.0.0.1 computerspywarecheck.com
127.0.0.1 www.compare-spyware.com
127.0.0.1 compare-spyware.com
127.0.0.1 www.spywareremoval.ws
127.0.0.1 spywareremoval.ws
127.0.0.1 www.ridadware.org
127.0.0.1 ridadware.org
127.0.0.1 www.elimiware.com
127.0.0.1 elimiware.com
127.0.0.1 www.nomorespyware.net
127.0.0.1 nomorespyware.net
127.0.0.1 www.123-spyware-remover.com
127.0.0.1 123-spyware-remover.com
127.0.0.1 www.spyware-adware-removal.net
127.0.0.1 spyware-adware-removal.net
127.0.0.1 www.spytoaster.com
127.0.0.1 spytoaster.com
127.0.0.1 www.spywareno.com
127.0.0.1 spywareno.com
127.0.0.1 www.3bsoftware.com
127.0.0.1 3bsoftware.com
127.0.0.1 www.softwaredoctor.com
127.0.0.1 softwaredoctor.com
127.0.0.1 doubleclick.net
127.0.0.1 doubleclick.com
127.0.0.1 adhostcenter.com
127.0.0.1 adtrade.net
127.0.0.1 www.adcycle.com
127.0.0.1 advertising.com
127.0.0.1 servedby.advertising.com
127.0.0.1 commission-junction.com
127.0.0.1 dayrates.com
127.0.0.1 ad-flow.com
127.0.0.1 ads.ad-flow.com
127.0.0.1 popuptraffic.com
127.0.0.1 fastclick.com
127.0.0.1 adserving.cpxinteractive.com
127.0.0.1 www.usafis.org
127.0.0.1 brazauskas.info
127.0.0.1 centralgate.biz
127.0.0.1 clickfast.biz
127.0.0.1 code.jcash.biz
127.0.0.1 code.trasferimento.biz
127.0.0.1 cyber-search.biz
127.0.0.1 download.accessmedia.tv
127.0.0.1 download.jupitersatellites.biz
127.0.0.1 exeloads.info
127.0.0.1 forlink.biz
127.0.0.1 game4all.biz
127.0.0.1 get-access.host.sk
127.0.0.1 musah.info
127.0.0.1 picshunter.us
127.0.0.1 prevedtraf.biz
127.0.0.1 search-biz.biz
127.0.0.1 searchx.cc
127.0.0.1 s-pics.biz
127.0.0.1 snow410.info
127.0.0.1 sp2admin.biz
127.0.0.1 traff5all.biz
127.0.0.1 traffbest.biz
127.0.0.1 traffbucks.biz
127.0.0.1 traffmoney.biz
127.0.0.1 ultra-search.biz
127.0.0.1 www.lattefresco.biz
127.0.0.1 www.picshunter.us
127.0.0.1 www.procounter.biz
127.0.0.1 www.searchx.cc
127.0.0.1 www.s-pics.biz
127.0.0.1 www.sp2admin.biz
127.0.0.1 www.spamcatchero.biz
127.0.0.1 www.traff4ppc.biz
127.0.0.1 www.zgallery.us
127.0.0.1 ybbwxlxytz.biz
127.0.0.1 yepjnddqpq.biz
127.0.0.1 yhvoo.eseconsult.info
127.0.0.1 zchxsikpgz.biz
127.0.0.1 zgallery.us
127.0.0.1 inetpc.net
127.0.0.1 mp0.inetpc.net
127.0.0.1 m.proxyisp.info
127.0.0.1 proxyisp.info
127.0.0.1 vncsvr.com
127.0.0.1 dhcp.vncsvr.com
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{095B9FDB-FA52-4163-9AD1-E3300B448964}: NameServer=217.16.69.3,217.16.69.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{78A5EAD1-FF2D-46DF-96C2-E3AB5ECD3CE2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{095B9FDB-FA52-4163-9AD1-E3300B448964}: NameServer=217.16.69.3,217.16.69.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{78A5EAD1-FF2D-46DF-96C2-E3AB5ECD3CE2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{095B9FDB-FA52-4163-9AD1-E3300B448964}: NameServer=217.16.69.3,217.16.69.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{78A5EAD1-FF2D-46DF-96C2-E3AB5ECD3CE2}: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
SDFix: Version 1.113
Run by Natasa on 06.11.2007 at 15:14
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Natasa\Desktop\NEWFOL~2\NEWFOL~1\SDFix
Safe Mode:
Checking Services:
Name:
Distributed Allocated Memory Unit
Mimserv
mshexdefx
runtime
ImagePath:
"C:\WINDOWS\system32\dllcache\mravsc32.exe"
"C:\WINDOWS\system32\dllcache\services.exe"
"C:\WINDOWS\system32\dllcache\ivchost.exe"
\??\C:\WINDOWS\System32\drivers\runtime.sys
Distributed Allocated Memory Unit - Deleted
Mimserv - Deleted
mshexdefx - Deleted
runtime - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service runtime2 - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\ESBXW.EXE - Deleted
C:\WINDOWS\SYSTEM32\ERASEM~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\ERASEM~2.EXE - Deleted
C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
C:\WINDOWS\system32\eraseme_00410.exe - Deleted
C:\WINDOWS\system32\eraseme_25557.exe - Deleted
C:\WINDOWS\system\NOTEPAD.exe - Deleted
C:\WINDOWS\system32\3_exception.nls - Deleted
C:\WINDOWS\system32\dllcache\ivchost.exe - Deleted
C:\WINDOWS\system32\dllcache\mravsc32.exe - Deleted
C:\WINDOWS\system32\wbem\scrcons32.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted
C:\WINDOWS\Temp\startdrv.exe - Deleted
C:\WINDOWS\system32\drivers\runtime2.sys - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-11-06 15:17:46
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\4\1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\4\1\DirectSound]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\4\1\DirectSound\Device Presence]
"VxD"=dword:00000001
"WDM"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\4\1\DirectSound\Mixer Defaults]
"Acceleration"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:8a93f672
"s1"=dword:628c4f0e
"s2"=dword:f97ca385
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:c9,eb,77,b8,18,a4,9c,04,6b,d0,07,36,16,a6,17,e7,0f,65,17,19,d7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,04,43,f7,4a,f5,f1,38,f7,f4,37,fb,9d,b8,59,89,ae,8a,..
"khjeh"=hex:f0,88,99,c9,58,1b,8f,5b,0c,f9,c7,90,75,d0,fa,3c,f0,2b,88,9e,d7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:86,3d,53,c3,65,22,94,83,a3,ec,63,75,0e,a0,1c,9a,95,86,a3,a2,9d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\4\1]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\4\1\DirectSound]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\4\1\DirectSound\Device Presence]
"VxD"=dword:00000001
"WDM"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Enum\\20\4\1\DirectSound\Mixer Defaults]
"Acceleration"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:c9,eb,77,b8,18,a4,9c,04,6b,d0,07,36,16,a6,17,e7,0f,65,17,19,d7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,04,43,f7,4a,f5,f1,38,f7,f4,37,fb,9d,b8,59,89,ae,8a,..
"khjeh"=hex:f0,88,99,c9,58,1b,8f,5b,0c,f9,c7,90,75,d0,fa,3c,f0,2b,88,9e,d7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:86,3d,53,c3,65,22,94,83,a3,ec,63,75,0e,a0,1c,9a,95,86,a3,a2,9d,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\System32\\wbem\\scrcons32.exe"="C:\\WINDOWS\\System32\\wbem\\scrcons32.exe:*:Enabled:WMI Standard Event Consumer - Scripting"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Natasa\Desktop\NEWFOL~2\NEWFOL~1\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 2 Oct 2007 438,272 A.SH. --- "C:\WINDOWS\system32\f1r5st83.exe"
Wed 31 Oct 2007 6,473 ..SH. --- "C:\WINDOWS\system32\gjkmp.bak1"
Tue 6 Nov 2007 102,172 ..SH. --- "C:\WINDOWS\system32\gjkmp.bak2"
Mon 8 Oct 2007 65,115 A.SH. --- "C:\WINDOWS\system32\srvd.exe"
Wed 31 Oct 2007 402,432 ..SHR --- "C:\WINDOWS\system32\dllcache\msfav32.exe"
Fri 20 Feb 2004 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Fri 20 Feb 2004 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Wed 14 Aug 2002 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
Wed 14 Aug 2002 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
Wed 14 Aug 2002 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
Wed 14 Aug 2002 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
Wed 14 Aug 2002 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
Wed 14 Aug 2002 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
Wed 14 Aug 2002 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
Wed 14 Aug 2002 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
Wed 14 Aug 2002 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
Wed 14 Aug 2002 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
Wed 14 Aug 2002 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
Wed 14 Aug 2002 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
Wed 14 Aug 2002 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
Wed 14 Aug 2002 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
Wed 14 Aug 2002 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
Wed 14 Aug 2002 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
Wed 14 Aug 2002 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
Wed 14 Aug 2002 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
Wed 14 Aug 2002 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
Wed 14 Aug 2002 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
Wed 14 Aug 2002 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
Wed 14 Aug 2002 47,826 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
Wed 14 Aug 2002 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
Wed 14 Aug 2002 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
Wed 14 Aug 2002 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
Wed 14 Aug 2002 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
Wed 14 Aug 2002 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
Wed 14 Aug 2002 49,750 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
Wed 14 Aug 2002 49,242 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
Wed 14 Aug 2002 50,606 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
Wed 14 Aug 2002 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
Wed 14 Aug 2002 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
Wed 14 Aug 2002 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
Wed 14 Aug 2002 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
Wed 14 Aug 2002 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
Wed 14 Aug 2002 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
Wed 14 Aug 2002 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
Wed 14 Aug 2002 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
Wed 14 Aug 2002 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
Wed 14 Aug 2002 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
Wed 14 Aug 2002 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
Wed 14 Aug 2002 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
Wed 14 Aug 2002 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
Wed 14 Aug 2002 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
Wed 14 Aug 2002 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
Wed 14 Aug 2002 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
Wed 14 Aug 2002 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
Wed 14 Aug 2002 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
Wed 14 Aug 2002 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
Wed 14 Aug 2002 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
Wed 14 Aug 2002 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
Wed 14 Aug 2002 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
Wed 14 Aug 2002 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
Wed 14 Aug 2002 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
Wed 14 Aug 2002 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
Wed 14 Aug 2002 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
Wed 14 Aug 2002 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
Wed 14 Aug 2002 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
Wed 14 Aug 2002 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
Wed 14 Aug 2002 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
Wed 14 Aug 2002 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
Wed 14 Aug 2002 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
Wed 14 Aug 2002 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
Wed 14 Aug 2002 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
Wed 14 Aug 2002 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
Wed 14 Aug 2002 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
Wed 14 Aug 2002 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
Wed 14 Aug 2002 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
Wed 14 Aug 2002 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
Wed 14 Aug 2002 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
Wed 14 Aug 2002 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
Wed 14 Aug 2002 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
Wed 14 Aug 2002 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
Wed 14 Aug 2002 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
Wed 14 Aug 2002 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
Wed 14 Aug 2002 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
Wed 14 Aug 2002 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
Wed 14 Aug 2002 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
Wed 14 Aug 2002 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
Wed 14 Aug 2002 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
Wed 14 Aug 2002 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
Wed 14 Aug 2002 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
Wed 14 Aug 2002 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
Wed 14 Aug 2002 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
Wed 14 Aug 2002 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"
Finished!
Pozdrav
|
