Wirusy Ad-aware i trojany prosze o pomoc

Dziobak_pl · 25 Listopad 2007 20:34

Czesc Wam mam rpblem od 2 dni z jakimis wirusami zaatakowały mi kompa i ciagle sie instaluja od nowa co je usune to mi wyskakuje w avascie ze zarazony a wirusy to Win32:Adware-gen[Adw] i Win32:Zolber[Drp] i Win32:Agent-LTS[Adw] prosze o pomoc

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:30, on 2007-11-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\cFosSpeed\spd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\cFosSpeed\cFosSpeed.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\1032\dll\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Avant Browser\avant.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Alwil Software\Avast4\ashLogV.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.silkroadonline.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {54C8BDC1-9461-45E4-91D6-5892806237C5} - (no file) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll O2 - BHO: (no name) - {EBED81A1-A79C-4BD3-B6EB-60773BB9AC3F} - (no file) O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file) O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” O4 - HKLM…\Run: [avast!] “C:\Program Files\Alwil Software\Avast4\ashDisp.exe” O4 - HKLM…\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe” O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause O4 - HKLM…\Run: [unlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe” O4 - HKCU…\Run: [RoboForm] “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe” O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [XPRepairBusiness] C:\Program Files\XP Repair Pro\xprepairpro.exe /s O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Wypełnij pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra ‘Tools’ menuitem: Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Zapisz - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra ‘Tools’ menuitem: Zapisz Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra ‘Tools’ menuitem: Pasek Narzędzi RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup … 5551609734 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 5551600890 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O17 - HKLM\System\CCS\Services\Tcpip…{2A03FA44-2B6F-4DF9-8011-1CBC84A3E9A7}: NameServer = 85.255.114.44 85.255.112.180 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O20 - Winlogon Notify: mllmm - C:\WINDOWS\ O21 - SSODL: rmvgor - {7DEB908A-7EB0-44EC-9B36-93604455EAEF} - C:\WINDOWS\rmvgor.dll O21 - SSODL: sapnet - {46936696-F639-4658-92CD-71DB809FAA16} - (no file) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Installator Windows (windowsinstaller) - Space Sciences Laboratory - C:\WINDOWS\system32\1032\dll\svchost.exe

–

End of file - 10729 bytes

o to log z HijackThis

Złączono Posta : 25.11.2007 (Nie) 21:54

dolanczam jeszcze 1 log z innego programu

– File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL “%1”,%* .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser “%1”,%* – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys R1 NPPTNT2 - c:\windows\system32\npptnt2.sys R2 SetupNT - c:\windows\system32\setupnt.sys R3 catchme - c:\docume~1\userus~1.000\ustawi~1\temp\catchme.sys (file missing) R3 cFosSpeed (cFosSpeed Miniport) - c:\windows\system32\drivers\cfosspeed.sys S3 hamachi (Hamachi Network Interface) - c:\windows\system32\drivers\hamachi.sys – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 cFosSpeedS (cFosSpeed System Service) - “c:\program files\cfosspeed\spd.exe” -service R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - “c:\program files\cyberlink\shared files\richvideo.exe” R2 windowsinstaller (Installator Windows) - c:\windows\system32\1032\dll\svchost.exe -daemon – Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: NVIDIA nForce Networking Controller Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV00DF\4&15AD0A2&0&01 Manufacturer: Nvidia Name: NVIDIA nForce Networking Controller PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV00DF\4&15AD0A2&0&01 Service: NVENETFD – Files created between 2007-10-25 and 2007-11-25 ----------------------------- 2007-11-25 21:13:38 0 d-------- C:\Program Files\Trend Micro 2007-11-25 10:56:41 0 dr-h----- C:\Documents and Settings\User.USER-C4418C3FA9.000\Recent 2007-11-24 16:18:53 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-11-24 10:59:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-11-23 18:39:21 0 d-------- C:\Program Files\SkanerOnline 2007-11-22 18:34:48 229376 --a------ C:\WINDOWS\rmvgor.dll 2007-11-22 18:34:48 81920 --a------ C:\WINDOWS\nethop.exe 2007-11-21 19:12:27 0 d-------- C:\Program Files\Softnyx 2007-11-18 17:06:32 0 d-------- C:\My Downloads 2007-11-10 11:20:17 0 d-------- C:\Default Profile 2007-11-10 10:16:47 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Application Data\Microsoft 2007-11-10 10:16:34 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Application Data 2007-11-10 09:58:39 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Gadu-Gadu 2007-11-10 09:42:38 0 d–h----- C:\Documents and Settings\User.USER-C4418C3FA9.000\Ustawienia lokalne 2007-11-10 09:42:38 0 dr------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Ulubione 2007-11-10 09:42:38 0 d–h----- C:\Documents and Settings\User.USER-C4418C3FA9.000\Szablony 2007-11-10 09:42:38 0 dr-h----- C:\Documents and Settings\User.USER-C4418C3FA9.000\SendTo 2007-11-10 09:42:38 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Pulpit 2007-11-10 09:42:38 0 d–h----- C:\Documents and Settings\User.USER-C4418C3FA9.000\PrintHood 2007-11-10 09:42:38 3145728 --ah----- C:\Documents and Settings\User.USER-C4418C3FA9.000\NTUSER.DAT 2007-11-10 09:42:38 0 d–h----- C:\Documents and Settings\User.USER-C4418C3FA9.000\NetHood 2007-11-10 09:42:38 0 dr------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Moje dokumenty 2007-11-10 09:42:38 0 dr------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Menu Start 2007-11-10 09:42:38 0 dr-h----- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji 2007-11-10 09:42:38 0 d–hs---- C:\Documents and Settings\User.USER-C4418C3FA9.000\Cookies 2007-11-10 09:39:59 0 d-------- C:\WINDOWS\system32\NtmsData 2007-11-09 20:22:27 5857280 --a------ C:\Documents and Settings\User\ntuser.dat 2007-11-05 22:00:35 0 d-------- C:\Documents and Settings\User\Application Data\Microsoft – Find3M Report --------------------------------------------------------------- 2007-11-25 21:40:16 0 d-------- C:\Program Files\cFosSpeed 2007-11-25 12:00:52 0 d-------- C:\Program Files\Common Files 2007-11-24 16:18:53 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\SUPERAntiSpyware.com 2007-11-24 13:20:51 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\BearShare 2007-11-24 12:19:18 0 d-------- C:\Program Files\CCleaner 2007-11-24 12:19:01 0 d-------- C:\Program Files\Yahoo! 2007-11-24 10:57:52 0 d-------- C:\Program Files\ActivationManager 2007-11-24 10:56:08 0 d-------- C:\Program Files\Winamp 2007-11-24 09:36:16 0 d-------- C:\Program Files\XP Repair Pro 2007-11-23 18:33:31 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Lavasoft 2007-11-22 22:40:09 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Gadu-Gadu 2007-11-22 22:18:15 0 d-------- C:\Program Files\Gadu-Gadu 2007-11-20 19:51:50 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Adobe 2007-11-18 22:17:06 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Skype 2007-11-18 17:09:50 0 d-------- C:\Program Files\eMule 2007-11-17 22:38:21 0 d-------- C:\Program Files\DivX 2007-11-17 18:44:10 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Media Player Classic 2007-11-13 22:24:19 0 d-------- C:\Program Files\Silkroad 2007-11-10 12:27:38 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Sun 2007-11-10 10:01:53 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Macromedia 2007-11-10 09:56:31 0 d-------- C:\Program Files\Valve 2007-11-10 09:45:58 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Avant Profiles 2007-11-10 09:43:35 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Identities 2007-11-06 07:14:20 0 d-------- C:\Program Files\Thoosje Sidebar 2.2 2007-10-29 14:44:34 358702 --a------ C:\WINDOWS\system32\perfh015.dat 2007-10-29 14:44:34 50748 --a------ C:\WINDOWS\system32\perfc015.dat 2007-10-23 19:23:06 0 d-------- C:\Program Files\eSkiMoS R2 2007-10-23 19:09:36 0 d-------- C:\Program Files\Winamp Toolbar 2007-10-19 20:56:37 0 d-------- C:\Program Files\GameTop.com 2007-10-16 13:56:39 0 d-------- C:\Program Files\Java 2007-10-15 06:08:27 0 d-------- C:\Program Files\Avant Browser 2007-10-14 09:07:30 0 d-------- C:\Program Files\Mozilla ActiveX Control v1.7.1 2007-10-12 20:02:42 0 d-------- C:\Program Files\Return to Castle Wolfenstein 2007-10-10 17:35:11 0 d-------- C:\Program Files\EA GAMES 2007-09-29 13:21:11 29692 --a-----t C:\WINDOWS\system32\sintfnt.dll 2007-09-29 13:21:11 17828 --a-----t C:\WINDOWS\system32\sintf32.dll 2007-09-29 13:21:11 12066 --a-----t C:\WINDOWS\system32\sintf16.dll 2007-09-29 12:52:49 0 d-------- C:\Program Files\Shadow Man 2007-09-29 12:31:55 0 d-------- C:\Program Files\Acclaim Entertainment 2007-09-25 18:53:37 0 d-------- C:\Program Files\SystemRequirementsLab 2007-09-09 12:02:40 3615 --a------ C:\WINDOWS\mozver.dat – Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{54C8BDC1-9461-45E4-91D6-5892806237C5}] [HKEY_LOCAL_MACHINE~\Browser Helper Objects{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2007-11-05 11:51 402872 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{EBED81A1-A79C-4BD3-B6EB-60773BB9AC3F}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [-HKEY_CLASSES_ROOT\CLSID{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-12-07 22:57] “LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-05-18 11:29] “avast!”=“C:\Program Files\Alwil Software\Avast4\ashDisp.exe” [2007-09-06 11:06] “cFosSpeed”=“C:\Program Files\cFosSpeed\cFosSpeed.exe” [2006-09-28 16:26] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-10-10 06:28] “BearShare”=“C:\Program Files\BearShare\BearShare.exe” [] “UnlockerAssistant”=“C:\Program Files\Unlocker\UnlockerAssistant.exe” [2006-09-07 18:19] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “RoboForm”=“C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe” [2007-09-15 07:11] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “XPRepairBusiness”=“C:\Program Files\XP Repair Pro\xprepairpro.exe” [] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 11:54] C:\Documents and Settings\User.USER-C4418C3FA9.000\Menu Start\Programy\Autostart\ Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-08-13 18:23:14] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] “rmvgor”= {7DEB908A-7EB0-44EC-9B36-93604455EAEF} - C:\WINDOWS\rmvgor.dll [2007-11-22 13:28 229376] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmm] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-03-13 10:57 221184 C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system32IVKT Agent] C:\WINDOWS\system32IVKT.exe

– End of Deckard’s System Scanner: finished at 2007-11-25 21:50:10 ------------

Gutek · 25 Listopad 2007 22:25

O2 - BHO: (no name) - {54C8BDC1-9461-45E4-91D6-5892806237C5} - (no file) O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll O2 - BHO: (no name) - {EBED81A1-A79C-4BD3-B6EB-60773BB9AC3F} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file) O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll O17 - HKLM\System\CCS\Services\Tcpip…{2A03FA44-2B6F-4DF9-8011-1CBC84A3E9A7}: NameServer = 85.255.114.44 85.255.112.180 O20 - Winlogon Notify: mllmm - C:\WINDOWS\ O21 - SSODL: rmvgor - {7DEB908A-7EB0-44EC-9B36-93604455EAEF} - C:\WINDOWS\rmvgor.dll O21 - SSODL: sapnet - {46936696-F639-4658-92CD-71DB809FAA16} - (no file) O23 - Service: Installator Windows (windowsinstaller) - Space Sciences Laboratory - C:\WINDOWS\system32\1032\dll\svchost.exe

wpisy usuń HJT

Start do trybu awaryjnego.
Otworzyć linię komend Start >>> Uruchom >>> cmd i wpisać:

Użyj FixWareOut - http://downloads.subratam.org/Fixwareout.exe

Pobierz program SDFix

Dziobak_pl · 26 Listopad 2007 14:56

SDFix: Version 1.115 Run by User on 2007-11-26 at 15:47 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\nethop.exe - Deleted C:\WINDOWS\rmvgor.dll - Deleted Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-26 15:51:03 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden services & system hive … scanning hidden registry entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “C:\Program Files\Avant Browser\avant.exe”=“C:\Program Files\Avant Browser\avant.exe:*:Enabled:Avant Browser” “C:\Program Files\Gadu-Gadu\gg.exe”=“C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Tue 10 Jul 2007 211 …SH. — “C:\BOOT.BAK” Tue 10 Apr 2007 490,745 …SH. — “C:\WINDOWS\system32\mmllm.tmp” Tue 13 Jun 2006 4,348 A.SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak” Wed 28 Feb 2007 0 A.SH. — “C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp” Sat 13 Nov 2004 37,376 …H. — “C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe” Thu 20 Sep 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\8d097da1e8c89a333191843e23dfc161\BIT8.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT10.tmp” Thu 22 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT100.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT101.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT102.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT103.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT104.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT105.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT106.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT107.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT108.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT109.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT10A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT10B.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT10C.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT10D.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT10E.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT10F.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT11.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT110.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT111.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT112.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT113.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT114.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT115.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT116.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT117.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT118.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT119.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT11A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT11B.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT11C.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT11D.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT11E.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT11F.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT12.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT120.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT121.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT122.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT123.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT124.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT125.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT126.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT127.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT128.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT129.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT12A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT12B.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT12C.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT12D.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT12E.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT12F.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT13.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT130.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT131.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT132.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT133.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT134.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT135.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT136.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT137.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT138.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT139.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT13A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT13B.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT13C.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT13D.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT13E.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT13F.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT14.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT140.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT141.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT142.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT143.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT144.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT145.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT146.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT147.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT148.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT149.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT14A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT14B.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT14C.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT14D.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT14E.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT14F.tmp” Thu 22 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT15.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT150.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT151.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT152.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT153.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT154.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT155.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT156.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT157.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT158.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT159.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT15A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT15B.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT15C.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT15D.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT15E.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT15F.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT16.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT160.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT161.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT162.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT163.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT164.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT165.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT166.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT167.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT168.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT169.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT16A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT16B.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT16C.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT16D.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT16E.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT16F.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT17.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT170.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT171.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT172.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT173.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT174.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT175.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT176.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT177.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT178.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT179.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT17A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT17B.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT17C.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT17D.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT17E.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT17F.tmp” Thu 22 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT18.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT180.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT181.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT182.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT183.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT184.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT185.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT186.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT187.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT188.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT189.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT18A.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT18B.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT18C.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT18D.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT18E.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT18F.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT19.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT190.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT191.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT192.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT193.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT194.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT195.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT196.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT197.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT198.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT199.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT19A.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT19B.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT19C.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT19D.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT19E.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT19F.tmp” Sun 25 Nov 2007 326,502 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1A.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1A0.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1A1.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1A2.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1A3.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1A4.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1A5.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1A6.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1A7.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1A8.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1A9.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1AA.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1AB.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1AC.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1AD.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1AE.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1AF.tmp” Wed 8 Aug 2007 85,946 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1B.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1B0.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1B1.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1B2.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1B3.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1B4.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1B5.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1B6.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1B7.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1B8.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1B9.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1BA.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1BB.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1BC.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1BD.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1BE.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1BF.tmp” Sun 25 Nov 2007 310,972 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1C.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1C0.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1C1.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1C2.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1C3.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1C4.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1C5.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1C6.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1C7.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1C8.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1C9.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1CA.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1CB.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1CC.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1CD.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1CE.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1CF.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1D.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1D0.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1D1.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1D2.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1D3.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1D4.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1D5.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1D6.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1D7.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1D8.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1D9.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1DA.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1DB.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1DC.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1DD.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1DE.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1DF.tmp” Sat 13 Oct 2007 317,904 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1E.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1E0.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1E1.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1E2.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1E3.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1E4.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1E5.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1E6.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1E7.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1E8.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1E9.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1EA.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1EB.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1EC.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1ED.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1EE.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1EF.tmp” Sun 25 Nov 2007 310,972 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1F.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1F0.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1F1.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1F2.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1F3.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1F4.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1F5.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1F6.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1F7.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1F8.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1F9.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1FA.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1FB.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1FC.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1FD.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1FE.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT1FF.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT2.tmp” Sat 13 Oct 2007 326,491 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT20.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT200.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT201.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT202.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT203.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT204.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT205.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT206.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT207.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT208.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT209.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT20A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT20B.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT20C.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT20D.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT20E.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT20F.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT21.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT210.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT211.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT212.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT213.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT214.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT215.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT216.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT217.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT218.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT219.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT21A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT21B.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT21C.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT21D.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT21E.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT21F.tmp” Sun 25 Nov 2007 310,972 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT22.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT220.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT221.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT222.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT223.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT224.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT225.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT226.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT227.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT228.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT229.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT22A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT22B.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT22C.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT22D.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT22E.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT22F.tmp” Sat 13 Oct 2007 303,242 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT23.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT230.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT231.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT232.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT233.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT234.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT235.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT236.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT237.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT238.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT239.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT23A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT23B.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT23C.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT23D.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT23E.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT23F.tmp” Sun 25 Nov 2007 310,447 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT24.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT240.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT241.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT242.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT243.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT244.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT245.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT246.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT247.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT248.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT249.tmp” Wed 8 Aug 2007 85,946 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT24A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT24B.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT24C.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT24D.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT24E.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT24F.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT25.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT250.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT251.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT252.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT253.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT254.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT255.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT256.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT257.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT258.tmp” Fri 23 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT259.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT25A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT25B.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT25C.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT25D.tmp” Wed 8 Aug 2007 85,946 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT25E.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT25F.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT26.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT260.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT261.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT262.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT263.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT264.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT265.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT266.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT267.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT268.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT269.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT26A.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT26B.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT26C.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT26D.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT26E.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT26F.tmp” Thu 22 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT27.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT270.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT271.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT272.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT273.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT274.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT275.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT276.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT277.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT278.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT279.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT27A.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT27B.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT27C.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT27D.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT27E.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT27F.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT28.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT280.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT281.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT282.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT283.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT284.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT285.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT286.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT287.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT288.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT289.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT28A.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT28B.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT28C.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT28D.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT28E.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT28F.tmp” Fri 23 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT29.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT290.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT291.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT292.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT293.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT294.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT295.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT296.tmp” Sat 24 Nov 2007 388,090 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT297.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT298.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT299.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT29A.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT29B.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT29C.tmp” Sat 24 Nov 2007 0 A…H. — “C:\Deckard\System Scanner\backup\DOCUME~1\USERUS~1.000\USTAWI~1\Temp\BIT29D.tmp”

Gutek · 26 Listopad 2007 18:12

Usuń folder "C:\Deckard\System Scanner\ backup

Daj nowy log z Combo, albo z Deckard

Dziobak_pl · 26 Listopad 2007 18:58

Deckard’s System Scanner v20071014.68 Run by User on 2007-11-26 19:53:31 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as User.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:53, on 2007-11-26 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\cFosSpeed\spd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\1032\dll\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\cFosSpeed\cFosSpeed.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Winamp\winamp.exe F:\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.silkroadonline.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” O4 - HKLM…\Run: [avast!] “C:\Program Files\Alwil Software\Avast4\ashDisp.exe” O4 - HKLM…\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe” O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause O4 - HKLM…\Run: [unlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe” O4 - HKCU…\Run: [RoboForm] “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe” O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [XPRepairBusiness] C:\Program Files\XP Repair Pro\xprepairpro.exe /s O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Wypełnij pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra ‘Tools’ menuitem: Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Zapisz - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra ‘Tools’ menuitem: Zapisz Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra ‘Tools’ menuitem: Pasek Narzędzi RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup … 5551609734 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 5551600890 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O17 - HKLM\System\CCS\Services\Tcpip…{2A03FA44-2B6F-4DF9-8011-1CBC84A3E9A7}: NameServer = 85.255.114.44 85.255.112.180 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Installator Windows (windowsinstaller) - Space Sciences Laboratory - C:\WINDOWS\system32\1032\dll\svchost.exe – End of file - 9594 bytes – Files created between 2007-10-26 and 2007-11-26 ----------------------------- 2007-11-26 19:46:30 0 dr-h----- C:\Documents and Settings\User.USER-C4418C3FA9.000\Recent 2007-11-26 16:03:52 0 d-------- C:\xp_simulation_setup 2007-11-26 15:47:41 0 d-------- C:\WINDOWS\ERUNT 2007-11-25 21:13:38 0 d-------- C:\Program Files\Trend Micro 2007-11-24 16:18:53 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-11-24 10:59:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-11-23 18:39:21 0 d-------- C:\Program Files\SkanerOnline 2007-11-21 19:12:27 0 d-------- C:\Program Files\Softnyx 2007-11-18 17:06:32 0 d-------- C:\My Downloads 2007-11-10 11:20:17 0 d-------- C:\Default Profile 2007-11-10 10:16:47 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Application Data\Microsoft 2007-11-10 10:16:34 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Application Data 2007-11-10 09:58:39 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Gadu-Gadu 2007-11-10 09:42:38 0 d–h----- C:\Documents and Settings\User.USER-C4418C3FA9.000\Ustawienia lokalne 2007-11-10 09:42:38 0 dr------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Ulubione 2007-11-10 09:42:38 0 d–h----- C:\Documents and Settings\User.USER-C4418C3FA9.000\Szablony 2007-11-10 09:42:38 0 dr-h----- C:\Documents and Settings\User.USER-C4418C3FA9.000\SendTo 2007-11-10 09:42:38 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Pulpit 2007-11-10 09:42:38 0 d–h----- C:\Documents and Settings\User.USER-C4418C3FA9.000\PrintHood 2007-11-10 09:42:38 3145728 --ah----- C:\Documents and Settings\User.USER-C4418C3FA9.000\NTUSER.DAT 2007-11-10 09:42:38 0 d–h----- C:\Documents and Settings\User.USER-C4418C3FA9.000\NetHood 2007-11-10 09:42:38 0 dr------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Moje dokumenty 2007-11-10 09:42:38 0 dr------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Menu Start 2007-11-10 09:42:38 0 dr-h----- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji 2007-11-10 09:42:38 0 d–hs---- C:\Documents and Settings\User.USER-C4418C3FA9.000\Cookies 2007-11-10 09:39:59 0 d-------- C:\WINDOWS\system32\NtmsData 2007-11-09 20:22:27 5857280 --a------ C:\Documents and Settings\User\ntuser.dat 2007-11-05 22:00:35 0 d-------- C:\Documents and Settings\User\Application Data\Microsoft – Find3M Report --------------------------------------------------------------- 2007-11-26 19:53:08 0 d-------- C:\Program Files\cFosSpeed 2007-11-26 16:41:35 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\CyberLink 2007-11-25 12:00:52 0 d-------- C:\Program Files\Common Files 2007-11-24 16:18:53 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\SUPERAntiSpyware.com 2007-11-24 13:20:51 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\BearShare 2007-11-24 12:19:18 0 d-------- C:\Program Files\CCleaner 2007-11-24 12:19:01 0 d-------- C:\Program Files\Yahoo! 2007-11-24 10:57:52 0 d-------- C:\Program Files\ActivationManager 2007-11-24 10:56:08 0 d-------- C:\Program Files\Winamp 2007-11-24 09:36:16 0 d-------- C:\Program Files\XP Repair Pro 2007-11-23 18:33:31 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Lavasoft 2007-11-22 22:40:09 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Gadu-Gadu 2007-11-22 22:18:15 0 d-------- C:\Program Files\Gadu-Gadu 2007-11-20 19:51:50 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Adobe 2007-11-18 22:17:06 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Skype 2007-11-18 17:09:50 0 d-------- C:\Program Files\eMule 2007-11-17 22:38:21 0 d-------- C:\Program Files\DivX 2007-11-17 18:44:10 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Media Player Classic 2007-11-13 22:24:19 0 d-------- C:\Program Files\Silkroad 2007-11-10 12:27:38 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Sun 2007-11-10 10:01:53 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Macromedia 2007-11-10 09:56:31 0 d-------- C:\Program Files\Valve 2007-11-10 09:45:58 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Avant Profiles 2007-11-10 09:43:35 0 d-------- C:\Documents and Settings\User.USER-C4418C3FA9.000\Dane aplikacji\Identities 2007-11-06 07:14:20 0 d-------- C:\Program Files\Thoosje Sidebar 2.2 2007-10-29 14:44:34 358702 --a------ C:\WINDOWS\system32\perfh015.dat 2007-10-29 14:44:34 50748 --a------ C:\WINDOWS\system32\perfc015.dat 2007-10-23 19:23:06 0 d-------- C:\Program Files\eSkiMoS R2 2007-10-23 19:09:36 0 d-------- C:\Program Files\Winamp Toolbar 2007-10-19 20:56:37 0 d-------- C:\Program Files\GameTop.com 2007-10-16 13:56:39 0 d-------- C:\Program Files\Java 2007-10-15 06:08:27 0 d-------- C:\Program Files\Avant Browser 2007-10-14 09:07:30 0 d-------- C:\Program Files\Mozilla ActiveX Control v1.7.1 2007-10-12 20:02:42 0 d-------- C:\Program Files\Return to Castle Wolfenstein 2007-10-10 17:35:11 0 d-------- C:\Program Files\EA GAMES 2007-09-29 13:21:11 29692 --a-----t C:\WINDOWS\system32\sintfnt.dll 2007-09-29 13:21:11 17828 --a-----t C:\WINDOWS\system32\sintf32.dll 2007-09-29 13:21:11 12066 --a-----t C:\WINDOWS\system32\sintf16.dll 2007-09-29 12:52:49 0 d-------- C:\Program Files\Shadow Man 2007-09-29 12:31:55 0 d-------- C:\Program Files\Acclaim Entertainment 2007-09-09 12:02:40 3615 --a------ C:\WINDOWS\mozver.dat – Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [-HKEY_CLASSES_ROOT\CLSID{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-12-07 22:57] “LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-05-18 11:29] “avast!”=“C:\Program Files\Alwil Software\Avast4\ashDisp.exe” [2007-09-06 11:06] “cFosSpeed”=“C:\Program Files\cFosSpeed\cFosSpeed.exe” [2006-09-28 16:26] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-10-10 06:28] “BearShare”=“C:\Program Files\BearShare\BearShare.exe” [] “UnlockerAssistant”=“C:\Program Files\Unlocker\UnlockerAssistant.exe” [2006-09-07 18:19] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “RoboForm”=“C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe” [2007-09-15 07:11] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “XPRepairBusiness”=“C:\Program Files\XP Repair Pro\xprepairpro.exe” [] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 11:54] C:\Documents and Settings\User.USER-C4418C3FA9.000\Menu Start\Programy\Autostart\ Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-08-13 18:23:14] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-03-13 10:57 221184 C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system32IVKT Agent] C:\WINDOWS\system32IVKT.exe – End of Deckard’s System Scanner: finished at 2007-11-26 19:54:00 ------------

Gutek · 26 Listopad 2007 19:12

to nie wiem co jest -gdzieś widziłem, ale…

C:\WINDOWS\ system32IVKT.exe przeskanuj plik na http://virusscan.jotti.org/

usuń wpis HJT i Użyj FixWareOut - http://downloads.subratam.org/Fixwareout.exe

Start do trybu awaryjnego.
Otworzyć linię komend Start >>> Uruchom >>> cmd i wpisać:

SC STOP windowsinstaller

SC DELETE windowsinstaller

RD /S /Q C:\WINDOWS\system32\1032

Dziobak_pl · 26 Listopad 2007 19:41

ale jak wpisuje to w awaryjnym to nie chce działas jakis faild wyskakuje spróbóje jeszcze raz ale nie wiem co jest

Złączono Posta : 26.11.2007 (Pon) 20:45

ale dziwne a tego C:\WINDOWS\system32IVKT.exe to nie ma xD nie moze odczytac wogole takie sciezki nie ma pliku tez nie mogłem znalezc :o

Gutek · 26 Listopad 2007 22:47

Nowy log z HJT, spróbuj - Daj log z ComboFix

Dziobak_pl · 27 Listopad 2007 13:41

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:41, on 2007-11-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\cFosSpeed\spd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\1032\dll\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\cFosSpeed\cFosSpeed.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\BearShare\BearShare.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Avant Browser\avant.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.silkroadonline.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” O4 - HKLM…\Run: [avast!] “C:\Program Files\Alwil Software\Avast4\ashDisp.exe” O4 - HKLM…\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe” O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause O4 - HKLM…\Run: [unlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe” O4 - HKCU…\Run: [RoboForm] “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe” O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [XPRepairBusiness] C:\Program Files\XP Repair Pro\xprepairpro.exe /s O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Wypełnij pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra ‘Tools’ menuitem: Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Zapisz - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra ‘Tools’ menuitem: Zapisz Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra ‘Tools’ menuitem: Pasek Narzędzi RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup … 5551609734 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 5551600890 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O17 - HKLM\System\CCS\Services\Tcpip…{2A03FA44-2B6F-4DF9-8011-1CBC84A3E9A7}: NameServer = 85.255.114.44 85.255.112.180 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Installator Windows (windowsinstaller) - Space Sciences Laboratory - C:\WINDOWS\system32\1032\dll\svchost.exe – End of file - 10199 bytes

Złączono Posta : 27.11.2007 (Wto) 14:49

ComboFix 07-11-19.3 - User 2007-11-27 14:44:02.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.231 [GMT 1:00] Running from: C:\Documents and Settings\User.USER-C4418C3FA9.000\Moje dokumenty\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL . ((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 ))))))))))))))))))))))))))))))) . 2007-11-26 21:23 2007-11-26 16:41 2007-11-26 16:03 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-25 21:13 2007-11-24 16:19 2007-11-24 16:18 2007-11-24 16:18 2007-11-24 15:44 2007-11-24 10:59 2007-11-24 10:59 2007-11-24 09:25 2007-11-23 20:43 2007-11-23 18:39 2007-11-23 18:33 2007-11-22 22:40 2007-11-21 19:12 2007-11-18 17:23 2007-11-17 18:44 2007-11-14 15:53 8,488,960 -----c— C:\WINDOWS\system32\dllcache\shell32.dll 2007-11-10 09:58 2007-11-10 09:45 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:39 2007-11-10 09:16 2007-11-10 09:13 2007-11-10 09:11 2007-11-10 09:11 2007-11-10 09:11 2007-11-10 09:11 2007-11-10 09:11 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-27 13:46 --------- d-----w C:\Program Files\cFosSpeed 2007-11-24 14:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2007-11-24 11:19 --------- d-----w C:\Program Files\Yahoo! 2007-11-24 11:19 --------- d-----w C:\Program Files\CCleaner 2007-11-24 09:57 --------- d-----w C:\Program Files\ActivationManager 2007-11-24 09:56 --------- d-----w C:\Program Files\Winamp 2007-11-24 08:36 --------- d-----w C:\Program Files\XP Repair Pro 2007-11-22 21:18 --------- d-----w C:\Program Files\Gadu-Gadu 2007-11-18 16:09 --------- d-----w C:\Program Files\eMule 2007-11-17 21:38 --------- d-----w C:\Program Files\DivX 2007-11-13 21:24 --------- d-----w C:\Program Files\Silkroad 2007-11-10 08:56 --------- d-----w C:\Program Files\Valve 2007-11-06 06:14 --------- d-----w C:\Program Files\Thoosje Sidebar 2.2 2007-11-03 10:19 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\uTorrent 2007-10-23 18:23 --------- d-----w C:\Program Files\eSkiMoS R2 2007-10-23 18:09 --------- d-----w C:\Program Files\Winamp Toolbar 2007-10-23 18:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar 2007-10-19 19:56 --------- d-----w C:\Program Files\GameTop.com 2007-10-17 18:20 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\eSkiMoS R2 2007-10-16 12:56 --------- d-----w C:\Program Files\Java 2007-10-15 05:08 --------- d-----w C:\Program Files\Avant Browser 2007-10-14 08:07 --------- d-----w C:\Program Files\Mozilla ActiveX Control v1.7.1 2007-10-12 19:02 --------- d-----w C:\Program Files\Return to Castle Wolfenstein 2007-10-10 16:35 --------- d-----w C:\Program Files\EA GAMES 2007-09-29 11:52 --------- d-----w C:\Program Files\Shadow Man 2007-09-29 11:31 --------- d-----w C:\Program Files\Acclaim Entertainment 2007-05-12 06:32 577,349 --sh–w C:\WINDOWS\system32\mmllm.bak1 2007-05-14 17:04 576,333 --sh–w C:\WINDOWS\system32\mmllm.bak2 2007-05-14 21:05 579,324 --sh–w C:\WINDOWS\system32\mmllm.ini2 . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “RoboForm”=“C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe” [2007-09-15 07:11] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “XPRepairBusiness”=“C:\Program Files\XP Repair Pro\xprepairpro.exe” [] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 11:54] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-12-07 22:57] “LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-05-18 11:29] “avast!”=“C:\Program Files\Alwil Software\Avast4\ashDisp.exe” [2007-09-06 11:06] “cFosSpeed”=“C:\Program Files\cFosSpeed\cFosSpeed.exe” [2006-09-28 16:26] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-10-10 06:28] “BearShare”=“C:\Program Files\BearShare\BearShare.exe” [2006-08-01 17:04] “UnlockerAssistant”=“C:\Program Files\Unlocker\UnlockerAssistant.exe” [2006-09-07 18:19] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44] C:\Documents and Settings\User\Menu Start\Programy\Autostart\ Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16] C:\Documents and Settings\User.USER-C4418C3FA9.000\Menu Start\Programy\Autostart\ Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-08-13 18:23:14] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-03-13 10:57 221184 C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system32IVKT Agent] C:\WINDOWS\system32IVKT.exe R2 SetupNT;SetupNT;C:\WINDOWS\system32\SetupNT.sys R2 windowsinstaller;Installator Windows;C:\WINDOWS\system32\1032\dll\svchost.exe -daemon . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-27 14:46:57 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-27 14:47:39 - machine was rebooted . — E O F —

Złączono Posta : 27.11.2007 (Wto) 14:51

prosze te logi o które prosiłes xD

Gutek · 27 Listopad 2007 23:52

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Dziobak_pl · 28 Listopad 2007 14:32

ComboFix 07-11-19.3 - User 2007-11-28 15:29:56.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.170 [GMT 1:00] Running from: F:\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))) . 2007-11-26 21:23 2007-11-26 16:41 2007-11-26 16:03 2007-11-26 15:47 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-25 21:48 2007-11-25 21:13 2007-11-24 16:19 2007-11-24 16:18 2007-11-24 16:18 2007-11-24 15:44 2007-11-24 10:59 2007-11-24 10:59 2007-11-24 09:25 2007-11-23 20:43 2007-11-23 18:39 2007-11-23 18:33 2007-11-22 22:40 2007-11-21 19:12 2007-11-18 17:23 2007-11-18 17:06 2007-11-17 18:44 2007-11-14 15:53 8,488,960 -----c— C:\WINDOWS\system32\dllcache\shell32.dll 2007-11-10 11:20 2007-11-10 09:58 2007-11-10 09:45 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:39 2007-11-10 09:16 2007-11-10 09:13 2007-11-10 09:11 2007-11-10 09:11 2007-11-10 09:11 2007-11-10 09:11 2007-11-10 09:11 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-28 14:27 --------- d-----w C:\Program Files\cFosSpeed 2007-11-28 14:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2007-11-24 11:19 --------- d-----w C:\Program Files\Yahoo! 2007-11-24 11:19 --------- d-----w C:\Program Files\CCleaner 2007-11-24 09:57 --------- d-----w C:\Program Files\ActivationManager 2007-11-24 09:56 --------- d-----w C:\Program Files\Winamp 2007-11-24 08:36 --------- d-----w C:\Program Files\XP Repair Pro 2007-11-22 21:18 --------- d-----w C:\Program Files\Gadu-Gadu 2007-11-18 16:09 --------- d-----w C:\Program Files\eMule 2007-11-17 21:38 --------- d-----w C:\Program Files\DivX 2007-11-13 21:24 --------- d-----w C:\Program Files\Silkroad 2007-11-10 08:56 --------- d-----w C:\Program Files\Valve 2007-11-06 06:14 --------- d-----w C:\Program Files\Thoosje Sidebar 2.2 2007-11-03 10:19 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\uTorrent 2007-10-23 18:23 --------- d-----w C:\Program Files\eSkiMoS R2 2007-10-23 18:09 --------- d-----w C:\Program Files\Winamp Toolbar 2007-10-23 18:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar 2007-10-19 19:56 --------- d-----w C:\Program Files\GameTop.com 2007-10-17 18:20 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\eSkiMoS R2 2007-10-16 12:56 --------- d-----w C:\Program Files\Java 2007-10-15 05:08 --------- d-----w C:\Program Files\Avant Browser 2007-10-14 08:07 --------- d-----w C:\Program Files\Mozilla ActiveX Control v1.7.1 2007-10-12 19:02 --------- d-----w C:\Program Files\Return to Castle Wolfenstein 2007-10-10 16:35 --------- d-----w C:\Program Files\EA GAMES 2007-09-29 12:21 29,692 ----atw C:\windows\system32\sintfnt.dll 2007-09-29 12:21 17,828 ----atw C:\windows\system32\sintf32.dll 2007-09-29 12:21 12,066 ----atw C:\windows\system32\sintf16.dll 2007-09-29 11:52 --------- d-----w C:\Program Files\Shadow Man 2007-09-29 11:31 --------- d-----w C:\Program Files\Acclaim Entertainment 2007-09-06 10:09 801,144 ----a-w C:\windows\system32\aswBoot.exe 2007-09-06 10:00 95,608 ----a-w C:\windows\system32\AvastSS.scr 2007-05-12 06:32 577,349 --sh–w C:\windows\system32\mmllm.bak1 2007-05-14 17:04 576,333 --sh–w C:\windows\system32\mmllm.bak2 2007-05-14 21:05 579,324 --sh–w C:\windows\system32\mmllm.ini2 . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “RoboForm”=“C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe” [2007-09-15 07:11] “ctfmon.exe”=“C:\windows\system32\ctfmon.exe” [2004-08-04 00:44] “XPRepairBusiness”=“C:\Program Files\XP Repair Pro\xprepairpro.exe” [] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 11:54] “Expressivo”=“C:\Program Files\ivo\Expressivo\expressivo.exe” [2006-12-04 21:03] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-12-07 22:57] “LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-05-18 11:29] “avast!”=“C:\Program Files\Alwil Software\Avast4\ashDisp.exe” [2007-09-06 11:06] “cFosSpeed”=“C:\Program Files\cFosSpeed\cFosSpeed.exe” [2006-09-28 16:26] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-10-10 06:28] “BearShare”=“C:\Program Files\BearShare\BearShare.exe” [2006-08-01 17:04] “UnlockerAssistant”=“C:\Program Files\Unlocker\UnlockerAssistant.exe” [2006-09-07 18:19] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44] C:\Documents and Settings\User\Menu Start\Programy\Autostart\ Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16] C:\Documents and Settings\User.USER-C4418C3FA9.000\Menu Start\Programy\Autostart\ Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-08-13 18:23:14] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-03-13 10:57 221184 C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system32IVKT Agent] C:\WINDOWS\system32IVKT.exe R2 SetupNT;SetupNT;C:\windows\system32\SetupNT.sys . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-28 15:31:15 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-28 15:31:42 C:\ComboFix2.txt … 2007-11-28 14:51 C:\ComboFix3.txt … 2007-11-27 14:47 . — E O F —

Gutek · 28 Listopad 2007 16:53

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Dziobak_pl · 28 Listopad 2007 19:49

ComboFix 07-11-19.3 - User 2007-11-28 15:29:56.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.170 [GMT 1:00] Running from: F:\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))) . 2007-11-26 21:23 2007-11-26 16:41 2007-11-26 16:03 2007-11-26 15:47 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-26 15:33 2007-11-25 21:48 2007-11-25 21:13 2007-11-24 16:19 2007-11-24 16:18 2007-11-24 16:18 2007-11-24 15:44 2007-11-24 10:59 2007-11-24 10:59 2007-11-24 09:25 2007-11-23 20:43 2007-11-23 18:39 2007-11-23 18:33 2007-11-22 22:40 2007-11-21 19:12 2007-11-18 17:23 2007-11-18 17:06 2007-11-17 18:44 2007-11-14 15:53 8,488,960 -----c— C:\WINDOWS\system32\dllcache\shell32.dll 2007-11-10 11:20 2007-11-10 09:58 2007-11-10 09:45 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:42 2007-11-10 09:39 2007-11-10 09:16 2007-11-10 09:13 2007-11-10 09:11 2007-11-10 09:11 2007-11-10 09:11 2007-11-10 09:11 2007-11-10 09:11 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-28 14:27 --------- d-----w C:\Program Files\cFosSpeed 2007-11-28 14:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2007-11-24 11:19 --------- d-----w C:\Program Files\Yahoo! 2007-11-24 11:19 --------- d-----w C:\Program Files\CCleaner 2007-11-24 09:57 --------- d-----w C:\Program Files\ActivationManager 2007-11-24 09:56 --------- d-----w C:\Program Files\Winamp 2007-11-24 08:36 --------- d-----w C:\Program Files\XP Repair Pro 2007-11-22 21:18 --------- d-----w C:\Program Files\Gadu-Gadu 2007-11-18 16:09 --------- d-----w C:\Program Files\eMule 2007-11-17 21:38 --------- d-----w C:\Program Files\DivX 2007-11-13 21:24 --------- d-----w C:\Program Files\Silkroad 2007-11-10 08:56 --------- d-----w C:\Program Files\Valve 2007-11-06 06:14 --------- d-----w C:\Program Files\Thoosje Sidebar 2.2 2007-11-03 10:19 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\uTorrent 2007-10-23 18:23 --------- d-----w C:\Program Files\eSkiMoS R2 2007-10-23 18:09 --------- d-----w C:\Program Files\Winamp Toolbar 2007-10-23 18:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar 2007-10-19 19:56 --------- d-----w C:\Program Files\GameTop.com 2007-10-17 18:20 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\eSkiMoS R2 2007-10-16 12:56 --------- d-----w C:\Program Files\Java 2007-10-15 05:08 --------- d-----w C:\Program Files\Avant Browser 2007-10-14 08:07 --------- d-----w C:\Program Files\Mozilla ActiveX Control v1.7.1 2007-10-12 19:02 --------- d-----w C:\Program Files\Return to Castle Wolfenstein 2007-10-10 16:35 --------- d-----w C:\Program Files\EA GAMES 2007-09-29 12:21 29,692 ----atw C:\windows\system32\sintfnt.dll 2007-09-29 12:21 17,828 ----atw C:\windows\system32\sintf32.dll 2007-09-29 12:21 12,066 ----atw C:\windows\system32\sintf16.dll 2007-09-29 11:52 --------- d-----w C:\Program Files\Shadow Man 2007-09-29 11:31 --------- d-----w C:\Program Files\Acclaim Entertainment 2007-09-06 10:09 801,144 ----a-w C:\windows\system32\aswBoot.exe 2007-09-06 10:00 95,608 ----a-w C:\windows\system32\AvastSS.scr 2007-05-12 06:32 577,349 --sh–w C:\windows\system32\mmllm.bak1 2007-05-14 17:04 576,333 --sh–w C:\windows\system32\mmllm.bak2 2007-05-14 21:05 579,324 --sh–w C:\windows\system32\mmllm.ini2 . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “RoboForm”=“C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe” [2007-09-15 07:11] “ctfmon.exe”=“C:\windows\system32\ctfmon.exe” [2004-08-04 00:44] “XPRepairBusiness”=“C:\Program Files\XP Repair Pro\xprepairpro.exe” [] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 11:54] “Expressivo”=“C:\Program Files\ivo\Expressivo\expressivo.exe” [2006-12-04 21:03] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-12-07 22:57] “LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-05-18 11:29] “avast!”=“C:\Program Files\Alwil Software\Avast4\ashDisp.exe” [2007-09-06 11:06] “cFosSpeed”=“C:\Program Files\cFosSpeed\cFosSpeed.exe” [2006-09-28 16:26] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-10-10 06:28] “BearShare”=“C:\Program Files\BearShare\BearShare.exe” [2006-08-01 17:04] “UnlockerAssistant”=“C:\Program Files\Unlocker\UnlockerAssistant.exe” [2006-09-07 18:19] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44] C:\Documents and Settings\User\Menu Start\Programy\Autostart\ Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16] C:\Documents and Settings\User.USER-C4418C3FA9.000\Menu Start\Programy\Autostart\ Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-08-13 18:23:14] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-03-13 10:57 221184 C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system32IVKT Agent] C:\WINDOWS\system32IVKT.exe R2 SetupNT;SetupNT;C:\windows\system32\SetupNT.sys . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-28 15:31:15 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-28 15:31:42 C:\ComboFix2.txt … 2007-11-28 14:51 C:\ComboFix3.txt … 2007-11-27 14:47 . — E O F —

Gutek · 28 Listopad 2007 22:25

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo