Liczba postów: 3
Liczba wątków: 1
Dołączył: 15.05.2009
Reputacja:
0
Witam!
Mam problem gdyż Avira wykryła mi trojana TR/Crypt.XPACK.Gen i niebardzo wiem jak mogę się go pozbyć... Wklejam logi z hijacka i combofixa. Bardzo proszę o pomoc i z góry dziękuje.
log z HijackThis
Cytat:Logfile of HijackThis v1.99.1
Scan saved at 01:31:32, on 2009-05-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
D:\Documents and Settings\Ostafin\Pulpit\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Aby zobaczyć linki, zarejestruj się tutaj]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
F3 - REG:win.ini: load=C:\TBridge\Flatbed.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - D:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched]"D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager]%SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update]D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BearShare]"D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Cmaudio]RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck]D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer]VTTimer.exe
O4 - HKLM\..\Run: [avgnt]"D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task]"D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Gadu-Gadu]"D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite]"D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - [Aby zobaczyć linki, zarejestruj się tutaj] :\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Aby zobaczyć linki, zarejestruj się tutaj]
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Zarządzanie aplikacjami AppMgmtclr_optimization_v2.0.50727_32 (AppMgmtclr_optimization_v2.0.50727_32) - Unknown owner - D:\WINDOWS\system32\wpv251236951426.cpx.exe (file missing)
i z ComboFix
Cytat: ComboFix 09-05-14.03 - Ostafin 2009-05-151:55.3 - NTFSx86
Microsoft Windows XP Professional5.1.2600.2.1250.48.1045.18.735.474 [GMT 2:00]
Uruchomiony z: d:\documents and settings\Ostafin\Pulpit\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows\system32\wpv251236951426.cpx
d:\windows\Temp\283810366.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_APPMGMTCLR_OPTIMIZATION_V2.0.50727_32
-------\Service_AppMgmtclr_optimization_v2.0.50727_32
((((((((((((((((((((((((( Pliki utworzone od 2009-04-15 do 2009-05-15)))))))))))))))))))))))))))))))
.
2009-05-14 23:19 . 2009-05-15 00:00 11552 --sha-w d:\windows\system32\drivers\fidbox2.dat
2009-05-14 23:19 . 2009-05-15 00:02 836896 --sha-w d:\windows\system32\drivers\fidbox.dat
2009-05-14 22:59 . 2009-05-14 23:30 -------- d-----w d:\program files\Common Files\ParetoLogic
2009-05-14 22:59 . 2009-05-14 22:59 -------- d-----w d:\documents and settings\All Users\Dane aplikacji\ParetoLogic Anti-Virus PLUS
2009-05-14 22:59 . 2009-05-14 22:59 -------- d-----w d:\documents and settings\Ostafin\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
2009-05-06 17:01 . 2009-05-06 17:01 -------- d-----w d:\documents and settings\Ostafin\Dane aplikacji\Media Player Classic
2009-04-16 11:02 . 2004-08-03 22:38 14848 -c--a-w d:\windows\system32\dllcache\kbdhid.sys
2009-04-16 11:02 . 2004-08-03 22:38 14848 ----a-w d:\windows\system32\drivers\kbdhid.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 00:00 . 2009-05-14 23:19 1628 --sha-w d:\windows\system32\drivers\fidbox2.idx
2009-05-15 00:00 . 2009-05-14 23:19 12236 --sha-w d:\windows\system32\drivers\fidbox.idx
2009-05-14 22:46 . 2009-03-13 17:44 169 --s-a-w d:\windows\system32\2776990058.dat
2009-04-17 17:14 . 2001-10-26 16:15 74230 ----a-w d:\windows\system32\perfc015.dat
2009-04-17 17:14 . 2001-10-26 16:15 448004 ----a-w d:\windows\system32\perfh015.dat
2009-03-22 13:53 . 2009-03-22 13:52 -------- d-----w d:\program files\K-Lite Codec Pack
2009-03-22 13:52 . 2008-11-05 11:55 -------- d-----w d:\program files\DivX
2009-03-22 13:47 . 2009-03-22 13:46 -------- d-----w d:\program files\QuickTime
2009-03-22 13:46 . 2009-03-22 13:46 -------- d-----w d:\program files\Apple Software Update
2009-03-19 18:17 . 2009-02-28 00:34 -------- d-----w d:\program files\Internet Download Manager
2009-03-19 18:17 . 2007-11-09 21:39 -------- d-----w d:\program files\Google
2009-03-06 14:47 . 2004-08-03 23:44 285184 ----a-w d:\windows\system32\pdh.dll
2009-02-28 01:53 . 2009-02-28 01:46 108144 ----a-w d:\windows\system32\CmdLineExt.dll
2009-02-28 01:06 . 2009-02-28 01:06 717296 ----a-w d:\windows\system32\drivers\sptd.sys
2009-02-20 08:32 . 2004-08-03 23:44 662016 ----a-w d:\windows\system32\wininet.dll
2009-02-20 08:32 . 2004-08-03 23:44 81920 ----a-w d:\windows\system32\ieencode.dll
.
------- Sigcheck -------
[7]2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 d:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7]2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 d:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7]2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 d:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7]2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D d:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7]2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E d:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7]2004-08-03 22:14 359040 9F4B36614A0FC234525BA224957DE55C d:\windows\$NtUninstallKB917953$\tcpip.sys
[7]2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 d:\windows\$NtUninstallKB941644$\tcpip.sys
[7]2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 d:\windows\$NtUninstallKB951748$\tcpip.sys
[-]2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 d:\windows\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\tcpip.sys
[-]2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 d:\windows\system32\dllcache\tcpip.sys
[-]2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 d:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 132760]
"Synchronization Manager"="d:\windows\system32\mobsync.exe" [2004-08-03 143872]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="d:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"VTTimer"="VTTimer.exe" - d:\windows\system32\VTTimer.exe [2003-08-20 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
d:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\Murator\\Drzewa i krzewy\\DiK2006.exe"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu ''Zaplanowane zadania''
2009-04-18 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-BearShare - d:\program files\BearShare\BearShare.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Skan uzupełniający -------
.
uStart Page = [Aby zobaczyć linki, zarejestruj się tutaj]
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Ostafin\Dane aplikacji\Mozilla\Firefox\Profiles\bgvgmlyz.default\
FF - prefs.js: browser.startup.homepage - [Aby zobaczyć linki, zarejestruj się tutaj]
FF - plugin: d:\documents and settings\Ostafin\Dane aplikacji\Mozilla\Firefox\Profiles\bgvgmlyz.default\extensions\[email protected]\plugins\NPSignPlugin.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Aby zobaczyć linki, zarejestruj się tutaj]
Rootkit scan 2009-05-15 02:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-507921405-1500820517-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8b,8b,a1,37,26,f0,e1,93,f3,73,a6,fd,0e,05,55,d2,ad,00,55,ec,56,43,c2,
77,60,14,4e,d9,4c,34,07,f4,ca,e8,a8,60,a4,e0,12,69,0e,43,83,8a,4d,c8,8f,e7,\
"??"=hex:e1,f5,7f,44,be,21,f4,3c,11,b7,c1,5f,43,8e,36,51
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > ''explorer.exe''(4092)
d:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
d:\program files\Common Files\Microsoft Shared\Web Components\11\1045\OWCI11.DLL
d:\windows\system32\shdoclc.dll
d:\windows\system32\browselc.dll
d:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
d:\program files\Microsoft Office\OFFICE11\msohev.dll
d:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
d:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
d:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
d:\windows\system32\wdfmgr.exe
d:\program files\HP\Digital Imaging\bin\hpqste08.exe
d:\windows\system32\wscntfy.exe
d:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-152:06 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt2009-05-15 00:06
Przed: 60 488 957 952 bajtów wolnych
Po: 61 387 321 344 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
150 --- E O F --- 2009-05-13 10:05
Pozdrawiam serdecznie
Liczba postów: 850
Liczba wątków: 12
Dołączył: 15.07.2006
Reputacja:
0
Cytat: O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O23 - Service: Zarządzanie aplikacjami AppMgmtclr_optimization_v2.0.50727_32 (AppMgmtclr_optimization_v2.0.50727_32) - Unknown owner - D:\WINDOWS\system32\wpv251236951426.cpx.exe (file missing)
Skasuj te wpisy w hijacku.
Przeskanuj system za pomocą [Aby zobaczyć linki, zarejestruj się tutaj]
Potem wyniki skanu MBAM, log z najnowszej wersji hijacka i [Aby zobaczyć linki, zarejestruj się tutaj]
"Nie jestem konsumentem mieszczącym się w standardzie
Nie jestem gatunkiem skazanym na wymarcie
Nie jestem obiektem medialnego hałasu
Jestem nielegalnym zabójcą czasu"
Liczba postów: 3
Liczba wątków: 1
Dołączył: 15.05.2009
Reputacja:
0
Witam!
Przesyłam logi o których Pan mówił:
Cytat: Malwarebytes'' Anti-Malware 1.36
Wersja bazy definicji: 2135
Windows 5.1.2600 Dodatek Service Pack 2
2009-05-15 16:04:20
mbam-log-2009-05-15 (16-04-18).txt
Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 72979
Upłynęło: 3 minute(s), 7 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 13
Zainfekowane wartości rejestru: 1
Zainfekowane pliki rejestru: 1
Zainfekowane foldery: 0
Zainfekowane pliki: 1
Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)
Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)
Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> No action taken.
Zainfekowane wartości rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Zainfekowane foldery:
(Nie wykryto groźnych plików)
Zainfekowane pliki:
D:\WindowsXP-KB936929-SP3-x86-PLK.exe (Trojan.Agent) -> No action taken.
Cytat: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:08, on 2009-05-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\system32\VTTimer.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\mobsync.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\notepad.exe
D:\Program Files\Malwarebytes'' Anti-Malware\mbam.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Aby zobaczyć linki, zarejestruj się tutaj]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Aby zobaczyć linki, zarejestruj się tutaj]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Aby zobaczyć linki, zarejestruj się tutaj]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Aby zobaczyć linki, zarejestruj się tutaj]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - D:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched]"D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager]%SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update]D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck]D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer]VTTimer.exe
O4 - HKLM\..\Run: [avgnt]"D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task]"D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig]D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\RunOnce: [Malwarebytes'' Anti-Malware]D:\Program Files\Malwarebytes'' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Gadu-Gadu]"D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite]"D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]D:\WINDOWS\system32\CTFMON.EXE (User ''SYSTEM'')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]D:\WINDOWS\system32\CTFMON.EXE (User ''Default user'')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - [Aby zobaczyć linki, zarejestruj się tutaj] :\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Aby zobaczyć linki, zarejestruj się tutaj]
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O24 - Desktop Component 0: (no name) - [Aby zobaczyć linki, zarejestruj się tutaj]
O24 - Desktop Component 1: (no name) - file:///D:/DOCUME~1/Ostafin/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 5313 bytes
Cytat: OTListIt logfile created on: 2009-05-15 15:56:45 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = D:\Documents and Settings\Ostafin\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
735,48 Mb Total Physical Memory | 419,60 Mb Available Physical Memory | 57,05% Memory free
1,01 Gb Paging File | 0,72 Gb Available in Paging File | 71,51% Paging File free
Paging file location(s): D:\pagefile.sys 336 672 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 1011,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: FAT
Drive D: | 72,58 Gb Total Space | 57,18 Gb Free Space | 78,78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 465,65 Gb Total Space | 349,29 Gb Free Space | 75,01% Space Free | Partition Type: FAT32
Computer Name: OSTAFIN-075EE0D
Current User Name: Ostafin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - [2008-10-15 15:31:53 | 00,068,865 | ---- | M](Avira GmbH) -- D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008-10-15 15:30:02 | 00,151,297 | ---- | M](Avira GmbH) -- D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2005-01-28 14:44:28 | 00,038,912 | ---- | M](Microsoft Corporation) -- D:\WINDOWS\system32\wdfmgr.exe
PRC - [2007-06-13 15:23:49 | 01,034,752 | ---- | M](Microsoft Corporation) -- D:\WINDOWS\Explorer.EXE
PRC - [2007-06-14 18:32:40 | 00,132,760 | ---- | M](Sun Microsystems, Inc.) -- D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2006-12-10 22:52:38 | 00,049,152 | ---- | M](Hewlett-Packard Co.) -- D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2003-08-20 12:56:14 | 00,045,056 | ---- | M](S3 Graphics, Inc.) -- D:\WINDOWS\system32\VTTimer.exe
PRC - [2008-06-12 15:28:45 | 00,266,497 | ---- | M](Avira GmbH) -- D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2007-07-09 09:39:12 | 02,119,104 | ---- | M](Gadu-Gadu S.A.) -- D:\Program Files\Gadu-Gadu\gg.exe
PRC - [2008-12-29 12:40:30 | 00,687,560 | ---- | M](DT Soft Ltd) -- D:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2005-09-24 07:05:26 | 00,029,696 | ---- | M](Adobe Systems Incorporated) -- D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2007-01-02 22:40:10 | 00,210,520 | ---- | M](Hewlett-Packard Co.) -- D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004-08-04 01:44:22 | 00,143,872 | ---- | M](Microsoft Corporation) -- D:\WINDOWS\system32\mobsync.exe
PRC - [2006-12-10 22:51:08 | 00,271,960 | ---- | M](Hewlett-Packard Co.) -- D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2009-04-29 12:10:37 | 00,307,704 | ---- | M](Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-05-15 15:52:27 | 00,501,248 | ---- | M](OldTimer Tools) -- D:\Documents and Settings\Ostafin\Pulpit\OTListIt2.exe
========== Win32 Services (SafeList) ==========
SRV - [2008-10-15 15:31:53 | 00,068,865 | ---- | M](Avira GmbH) -- D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running] )
SRV - [2008-10-15 15:30:02 | 00,151,297 | ---- | M](Avira GmbH) -- D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running] )
SRV - [2005-09-23 08:28:32 | 00,029,896 | ---- | M](Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped] )
SRV - [2005-09-23 08:28:56 | 00,066,240 | ---- | M](Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped] )
SRV - [2004-08-04 01:44:08 | 00,038,912 | ---- | M](Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running] )
SRV - [2007-01-20 00:44:40 | 00,225,280 | ---- | M](Hewlett-Packard Co.) -- D:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running] )
SRV - [2007-01-20 00:44:40 | 00,131,072 | ---- | M](Hewlett-Packard Co.) -- D:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running] )
SRV - [2006-11-08 17:35:36 | 00,043,520 | ---- | M](Hewlett-Packard) -- D:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running] )
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M](Microsoft Corporation) -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped] )
SRV - [2006-11-08 17:35:38 | 00,053,248 | ---- | M](Hewlett-Packard) -- D:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running] )
SRV - [2005-01-28 14:44:28 | 00,038,912 | ---- | M](Microsoft Corporation) -- D:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running] )
========== Driver Services (SafeList) ==========
DRV - [2005-12-21 04:16:34 | 00,470,048 | R--- | M](Atheros Communications, Inc.) -- D:\WINDOWS\system32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running] )
DRV - [2007-02-27 16:25:01 | 00,011,840 | ---- | M](Avira GmbH) -- D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running] )
DRV - [2008-05-20 17:29:41 | 00,052,032 | ---- | M](Avira GmbH) -- D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running] )
DRV - [2008-11-27 01:28:20 | 00,075,072 | ---- | M](Avira GmbH) -- D:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running] )
DRV - [2003-12-12 14:18:54 | 00,784,832 | ---- | M](C-Media Inc) -- D:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda [On_Demand | Stopped] )
DRV - [2001-08-17 22:13:08 | 00,027,165 | ---- | M](VIA Technologies, Inc.) -- D:\WINDOWS\system32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Running] )
DRV - [2006-12-06 08:02:28 | 00,049,920 | R--- | M](HP) -- D:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped] )
DRV - [2006-12-06 08:02:28 | 00,016,496 | R--- | M](HP) -- D:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped] )
DRV - [2006-12-06 08:02:29 | 00,021,568 | R--- | M](HP) -- D:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped] )
DRV - [2004-03-03 22:30:54 | 00,005,504 | ---- | M](Ahead Software AG) -- D:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv [Boot | Running] )
DRV - [2004-03-03 22:30:54 | 00,125,184 | ---- | M](Ahead Software AG) -- D:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv [Boot | Running] )
DRV - [2009-02-18 14:41:10 | 00,186,128 | ---- | M](Kaspersky Lab) -- D:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF [System | Running] )
DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M](Parallel Technologies, Inc.) -- D:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running] )
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M](Sonic Solutions) -- D:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running] )
DRV - [2007-06-25 10:43:22 | 00,082,984 | ---- | M](MCCI Corporation) -- D:\WINDOWS\system32\DRIVERS\s117bus.sys -- (s117bus [On_Demand | Stopped] )
DRV - [2007-06-25 10:43:26 | 00,014,888 | ---- | M](MCCI Corporation) -- D:\WINDOWS\system32\DRIVERS\s117mdfl.sys -- (s117mdfl [On_Demand | Stopped] )
DRV - [2007-06-25 10:43:36 | 00,108,456 | ---- | M](MCCI Corporation) -- D:\WINDOWS\system32\DRIVERS\s117mdm.sys -- (s117mdm [On_Demand | Stopped] )
DRV - [2007-06-25 10:43:36 | 00,022,952 | ---- | M](MCCI Corporation) -- D:\WINDOWS\system32\DRIVERS\s117nd5.sys -- (s117nd5 [On_Demand | Stopped] )
DRV - [2007-06-25 10:43:38 | 00,098,344 | ---- | M](MCCI Corporation) -- D:\WINDOWS\system32\DRIVERS\s117obex.sys -- (s117obex [On_Demand | Stopped] )
DRV - [2007-06-25 10:43:36 | 00,098,856 | ---- | M](MCCI Corporation) -- D:\WINDOWS\system32\DRIVERS\s117unic.sys -- (s117unic [On_Demand | Stopped] )
DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M](Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- D:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped] )
DRV - [2009-02-28 03:06:09 | 00,717,296 | ---- | M]() -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running] )
DRV - [2007-03-01 11:34:22 | 00,028,352 | ---- | M](Avira GmbH) -- D:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running] )
DRV - [2009-02-02 22:19:22 | 00,025,600 | ---- | M](Microsoft Corporation) -- D:\WINDOWS\system32\DRIVERS\usbsermptxp.sys -- (usbsermptxp [On_Demand | Stopped] )
DRV - [2003-12-19 15:47:08 | 00,133,632 | ---- | M](Copyright © VIA/S3 Graphics, Inc.) -- D:\WINDOWS\system32\DRIVERS\vtmini.sys -- (viagfx [On_Demand | Running] )
DRV - [2004-03-17 09:22:58 | 00,117,248 | R--- | M](VIA Technologies, Inc.) -- D:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio [On_Demand | Running] )
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Aby zobaczyć linki, zarejestruj się tutaj]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Aby zobaczyć linki, zarejestruj się tutaj]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Aby zobaczyć linki, zarejestruj się tutaj]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Aby zobaczyć linki, zarejestruj się tutaj] {SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [Aby zobaczyć linki, zarejestruj się tutaj] {SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [Aby zobaczyć linki, zarejestruj się tutaj] {SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Aby zobaczyć linki, zarejestruj się tutaj]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Aby zobaczyć linki, zarejestruj się tutaj]
IE - URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js..extensions.enabledItems: <!-- e --><a href="mailto:[email protected]">[email protected]</a><!-- e -->:1.3.0.90
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-04-29 12:10:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-15 01:41:29 | 00,000,000 | ---D | M]
[2009-03-19 20:32:06 | 00,000,000 | ---D | M]-- D:\Documents and Settings\Ostafin\Dane aplikacji\mozilla\Extensions
[2009-03-19 20:32:06 | 00,000,000 | ---D | M]-- D:\Documents and Settings\Ostafin\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-05-14 23:20:47 | 00,000,000 | ---D | M]-- D:\Documents and Settings\Ostafin\Dane aplikacji\mozilla\Firefox\Profiles\bgvgmlyz.default\extensions
[2009-03-19 20:52:57 | 00,000,000 | ---D | M]-- D:\Documents and Settings\Ostafin\Dane aplikacji\mozilla\Firefox\Profiles\bgvgmlyz.default\extensions\[email protected]
[2009-03-19 20:31:41 | 00,000,000 | ---D | M]-- D:\Program Files\mozilla firefox\extensions
[2009-04-29 12:10:44 | 00,000,000 | ---D | M]-- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-04-29 12:10:37 | 00,023,032 | ---- | M](Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-04-29 12:10:37 | 00,134,648 | ---- | M](Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2006-06-03 18:43:22 | 00,000,896 | ---- | M]() -- D:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-04-03 19:19:08 | 00,001,406 | ---- | M]() -- D:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M]() -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M]() -- D:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M]() -- D:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M]() -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M]() -- D:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: (27 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CPrintEnhancer Object) - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - D:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL File not found
O4 - HKLM..\Run: [avgnt]"D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [HP Software Update]D:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [MSConfig]D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck]D:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task]"D:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched]"D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Synchronization Manager]%SystemRoot%\system32\mobsync.exe /logon (Microsoft Corporation)
O4 - HKLM..\Run: [VTTimer]VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite]"D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [Gadu-Gadu]"D:\Program Files\Gadu-Gadu\gg.exe" /tray (Gadu-Gadu S.A.)
O4 - HKLM..\RunOnce: [Malwarebytes'' Anti-Malware]D:\Program Files\Malwarebytes'' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - [Aby zobaczyć linki, zarejestruj się tutaj] :\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra ''Tools'' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra ''Tools'' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Aby zobaczyć linki, zarejestruj się tutaj] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [Aby zobaczyć linki, zarejestruj się tutaj] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Aby zobaczyć linki, zarejestruj się tutaj] (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Aby zobaczyć linki, zarejestruj się tutaj] (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter:- text/xml - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - [Aby zobaczyć linki, zarejestruj się tutaj]
O24 - Desktop Components:1 () - file:///D:/DOCUME~1/Ostafin/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:2 (Moja bieżąca strona główna) - About�Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-01-25 17:36:46 | 00,000,000 | ---- | M]() - C:\autoexec.osi -- [ FAT ]
O32 - AutoRun File - [2005-10-25 09:57:32 | 00,000,000 | ---- | M]() - C:\AUTOEXEC.BAT -- [ FAT ]
O34 - HKLM BootExecute: (autocheck) -File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -File not found
========== Files/Folders - Created Within 30 Days ==========
[1 D:\WINDOWS\System32\*.tmp files]
[3 D:\WINDOWS\*.tmp files]
[2 D:\Documents and Settings\Ostafin\Pulpit\*.tmp files]
[2009-05-15 15:54:13 | 00,000,000 | ---D | C]-- D:\Documents and Settings\Ostafin\Dane aplikacji\Malwarebytes
[2009-05-15 15:54:10 | 00,000,696 | ---- | C]() -- D:\Documents and Settings\All Users\Pulpit\Malwarebytes'' Anti-Malware.lnk
[2009-05-15 15:54:09 | 00,015,504 | ---- | C](Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2009-05-15 15:54:07 | 00,038,496 | ---- | C](Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-05-15 15:54:03 | 00,000,000 | ---D | C]-- D:\Program Files\Malwarebytes'' Anti-Malware
[2009-05-15 15:54:03 | 00,000,000 | ---D | C]-- D:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2009-05-15 15:53:06 | 02,967,800 | ---- | C](Malwarebytes Corporation) -- D:\Documents and Settings\Ostafin\Pulpit\mbam-setup.exe
[2009-05-15 15:52:24 | 00,501,248 | ---- | C](OldTimer Tools) -- D:\Documents and Settings\Ostafin\Pulpit\OTListIt2.exe
[2009-05-15 15:47:47 | 00,000,000 | ---D | C]-- D:\Documents and Settings\Ostafin\Pulpit\backups
[2009-05-15 02:07:01 | 00,000,000 | ---D | C]-- D:\WINDOWS\temp
[2009-05-15 01:38:58 | 00,212,480 | ---- | C](SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2009-05-15 01:38:58 | 00,161,792 | ---- | C](SteelWerX) -- D:\WINDOWS\SWREG.exe
[2009-05-15 01:38:58 | 00,136,704 | ---- | C](SteelWerX) -- D:\WINDOWS\SWSC.exe
[2009-05-15 01:38:58 | 00,117,248 | ---- | C]() -- D:\WINDOWS\vFind.exe
[2009-05-15 01:38:58 | 00,098,816 | ---- | C]() -- D:\WINDOWS\sed.exe
[2009-05-15 01:38:58 | 00,080,412 | ---- | C]() -- D:\WINDOWS\grep.exe
[2009-05-15 01:38:58 | 00,068,096 | ---- | C]() -- D:\WINDOWS\zip.exe
[2009-05-15 01:38:58 | 00,031,232 | ---- | C](NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2009-05-15 01:30:33 | 00,000,000 | ---D | C]-- D:\WINDOWS\System32\appmgmt
[2009-05-15 01:24:25 | 00,000,000 | ---D | C]-- D:\WINDOWS\ERDNT
[2009-05-15 01:23:33 | 00,000,000 | ---D | C]-- D:\Qoobox
[2009-05-15 01:22:49 | 02,988,491 | R--- | C]() -- D:\Documents and Settings\Ostafin\Pulpit\ComboFix.exe
[2009-05-15 01:21:39 | 00,218,112 | ---- | C](Soeperman Enterprises Ltd.) -- D:\Documents and Settings\Ostafin\Pulpit\HijackThis_v1.99.1.exe
[2009-05-15 01:19:25 | 00,901,408 | -HS- | C]() -- D:\WINDOWS\System32\drivers\fidbox.dat
[2009-05-15 01:19:25 | 00,013,052 | -HS- | C]() -- D:\WINDOWS\System32\drivers\fidbox.idx
[2009-05-15 01:19:25 | 00,011,552 | -HS- | C]() -- D:\WINDOWS\System32\drivers\fidbox2.dat
[2009-05-15 01:19:25 | 00,001,844 | -HS- | C]() -- D:\WINDOWS\System32\drivers\fidbox2.idx
[2009-05-15 01:14:18 | 00,002,691 | ---- | C]() -- D:\rollback.ini
[2009-05-15 01:11:49 | 00,186,128 | ---- | C](Kaspersky Lab) -- D:\WINDOWS\System32\drivers\klif.sys
[2009-05-15 00:59:38 | 00,000,000 | ---D | C]-- D:\Program Files\Common Files\ParetoLogic
[2009-05-15 00:59:38 | 00,000,000 | ---D | C]-- D:\Documents and Settings\All Users\Dane aplikacji\ParetoLogic Anti-Virus PLUS
[2009-05-12 15:30:32 | 00,005,632 | -HS- | C]() -- D:\Documents and Settings\Ostafin\Pulpit\Thumbs.db
[2009-05-12 15:22:50 | 00,030,611 | ---- | C]() -- D:\Documents and Settings\Ostafin\Pulpit\skanuj0003.jpg
[2009-05-06 19:01:53 | 00,000,000 | ---D | C]-- D:\Documents and Settings\Ostafin\Dane aplikacji\Media Player Classic
[2009-04-16 13:02:36 | 00,014,848 | ---- | C](Microsoft Corporation) -- D:\WINDOWS\System32\drivers\kbdhid.sys
[2009-04-16 13:02:36 | 00,014,848 | ---- | C](Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kbdhid.sys
[2009-03-22 15:53:03 | 00,168,448 | ---- | C]() -- D:\WINDOWS\System32\unrar.dll
[2009-03-22 15:53:00 | 00,795,648 | ---- | C]() -- D:\WINDOWS\System32\xvidcore.dll
[2009-03-22 15:53:00 | 00,130,048 | ---- | C]() -- D:\WINDOWS\System32\xvidvfw.dll
[2009-03-22 15:52:57 | 00,067,584 | ---- | C]() -- D:\WINDOWS\System32\ff_vfw.dll
[2009-03-22 15:52:57 | 00,000,547 | ---- | C]() -- D:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-02-28 03:06:09 | 00,717,296 | ---- | C]() -- D:\WINDOWS\System32\drivers\sptd.sys
[2008-09-19 23:57:34 | 03,596,288 | ---- | C]() -- D:\WINDOWS\System32\qt-dx331.dll
[2008-09-19 23:55:10 | 00,000,416 | ---- | C]() -- D:\WINDOWS\System32\dtu100.dll.manifest
[2008-09-19 23:55:10 | 00,000,416 | ---- | C]() -- D:\WINDOWS\System32\dpl100.dll.manifest
[2008-07-23 23:11:06 | 00,000,221 | ---- | C]() -- D:\WINDOWS\NCLogConfig.ini
[2008-01-25 23:27:55 | 00,000,078 | ---- | C]() -- D:\WINDOWS\psuite.ini
[2008-01-25 23:16:50 | 00,000,037 | ---- | C]() -- D:\WINDOWS\progman.ini
[2008-01-25 23:16:31 | 00,000,030 | ---- | C]() -- D:\WINDOWS\readiris.ini
[2008-01-25 18:36:43 | 00,000,000 | ---- | C]() -- D:\WINDOWS\pifmaker.INI
[2008-01-22 13:38:35 | 00,000,049 | ---- | C]() -- D:\WINDOWS\NeroDigital.ini
[2008-01-17 20:18:18 | 00,036,864 | ---- | C]() -- D:\WINDOWS\System32\UnAudioNT.dll
[2008-01-17 20:16:35 | 00,000,092 | ---- | C]() -- D:\WINDOWS\CMISETUP.INI
[2008-01-17 20:16:33 | 00,000,026 | ---- | C]() -- D:\WINDOWS\CMCDPLAY.INI
[2008-01-17 20:16:31 | 00,000,010 | ---- | C]() -- D:\WINDOWS\Wininit.ini
[2008-01-17 20:16:22 | 00,028,672 | ---- | C]() -- D:\WINDOWS\CMIRmDriver.dll
[2007-07-16 09:30:48 | 00,000,421 | ---- | C]() -- D:\WINDOWS\ODBC.INI
[2005-04-27 20:38:00 | 00,372,736 | ---- | C]() -- D:\WINDOWS\System32\hpzidi01.dll
[2003-02-18 19:26:28 | 00,028,672 | ---- | C]() -- D:\WINDOWS\System32\cmirmdrv.dll
[2001-07-22 00:16:20 | 00,000,727 | ---- | C]() -- D:\WINDOWS\win.ini
[2001-07-22 00:15:52 | 00,000,227 | ---- | C]() -- D:\WINDOWS\system.ini
========== Files - Modified Within 30 Days ==========
[1 D:\WINDOWS\System32\*.tmp files]
[3 D:\WINDOWS\*.tmp files]
[2 D:\Documents and Settings\Ostafin\Pulpit\*.tmp files]
[2009-05-15 15:54:37 | 00,901,408 | -HS- | M]() -- D:\WINDOWS\System32\drivers\fidbox.dat
[2009-05-15 15:54:10 | 00,000,696 | ---- | M]() -- D:\Documents and Settings\All Users\Pulpit\Malwarebytes'' Anti-Malware.lnk
[2009-05-15 15:53:46 | 02,967,800 | ---- | M](Malwarebytes Corporation) -- D:\Documents and Settings\Ostafin\Pulpit\mbam-setup.exe
[2009-05-15 15:52:27 | 00,501,248 | ---- | M](OldTimer Tools) -- D:\Documents and Settings\Ostafin\Pulpit\OTListIt2.exe
[2009-05-15 15:51:07 | 00,000,062 | -HS- | M]() -- D:\Documents and Settings\Ostafin\Ustawienia lokalne\desktop.ini
[2009-05-15 15:51:07 | 00,000,006 | -H-- | M]() -- D:\WINDOWS\tasks\SA.DAT
[2009-05-15 15:51:05 | 00,002,048 | --S- | M]() -- D:\WINDOWS\bootstat.dat
[2009-05-15 15:50:08 | 00,000,727 | ---- | M]() -- D:\WINDOWS\win.ini
[2009-05-15 15:50:08 | 00,000,227 | ---- | M]() -- D:\WINDOWS\system.ini
[2009-05-15 15:44:00 | 00,013,052 | -HS- | M]() -- D:\WINDOWS\System32\drivers\fidbox.idx
[2009-05-15 15:44:00 | 00,011,552 | -HS- | M]() -- D:\WINDOWS\System32\drivers\fidbox2.dat
[2009-05-15 15:44:00 | 00,001,844 | -HS- | M]() -- D:\WINDOWS\System32\drivers\fidbox2.idx
[2009-05-15 02:02:06 | 00,000,027 | ---- | M]() -- D:\WINDOWS\System32\drivers\etc\hosts
[2009-05-15 01:23:01 | 02,988,491 | R--- | M]() -- D:\Documents and Settings\Ostafin\Pulpit\ComboFix.exe
[2009-05-15 01:21:40 | 00,218,112 | ---- | M](Soeperman Enterprises Ltd.) -- D:\Documents and Settings\Ostafin\Pulpit\HijackThis_v1.99.1.exe
[2009-05-15 01:14:19 | 00,002,691 | ---- | M]() -- D:\rollback.ini
[2009-05-15 00:46:13 | 00,000,169 | --S- | M]() -- D:\WINDOWS\System32\2776990058.dat
[2009-05-14 17:50:08 | 00,117,248 | ---- | M]() -- D:\WINDOWS\vFind.exe
[2009-05-12 15:30:34 | 00,005,632 | -HS- | M]() -- D:\Documents and Settings\Ostafin\Pulpit\Thumbs.db
[2009-05-12 15:25:16 | 00,030,611 | ---- | M]() -- D:\Documents and Settings\Ostafin\Pulpit\skanuj0003.jpg
[2009-05-07 09:16:29 | 24,699,336 | ---- | M](Microsoft Corporation) -- D:\WINDOWS\System32\MRT.exe
[2009-05-06 20:38:29 | 00,000,049 | ---- | M]() -- D:\WINDOWS\NeroDigital.ini
[2009-05-06 16:10:28 | 00,002,206 | ---- | M]() -- D:\WINDOWS\System32\wpa.dbl
[2009-04-20 12:56:28 | 00,031,232 | ---- | M](NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2009-04-18 19:47:03 | 00,000,284 | ---- | M]() -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-04-17 19:14:43 | 00,984,778 | ---- | M]() -- D:\WINDOWS\System32\PerfStringBackup.INI
[2009-04-17 19:14:43 | 00,448,004 | ---- | M]() -- D:\WINDOWS\System32\perfh015.dat
[2009-04-17 19:14:43 | 00,392,296 | ---- | M]() -- D:\WINDOWS\System32\perfh009.dat
[2009-04-17 19:14:43 | 00,074,230 | ---- | M]() -- D:\WINDOWS\System32\perfc015.dat
[2009-04-17 19:14:43 | 00,058,596 | ---- | M]() -- D:\WINDOWS\System32\perfc009.dat
[2009-04-16 23:36:19 | 00,001,374 | ---- | M]() -- D:\WINDOWS\imsins.BAK
< End of report >
Liczba postów: 850
Liczba wątków: 12
Dołączył: 15.07.2006
Reputacja:
0
Usuń ten folder.
Nic już nie widzę.
"Nie jestem konsumentem mieszczącym się w standardzie
Nie jestem gatunkiem skazanym na wymarcie
Nie jestem obiektem medialnego hałasu
Jestem nielegalnym zabójcą czasu"
Liczba postów: 3
Liczba wątków: 1
Dołączył: 15.05.2009
Reputacja:
0
Dzieki wielkie Serafin za pomoc pozdrawiam serdecznie 
|
