Kaspersky 6 disabled + rootkit alert

1. Kaspersky was disabled [or rather blocked], although its avp.exe processes [2 of them, which is normal] were running the whole time. After I killed them they started up again; the same thing happened in safe mode after starting Kaspersky. Since I could not uninstall the program, I ran the installer over it and Kaspersky came back to life, but every so often it raises alerts about an outgoing connection initiated by a rootkit. Because of this I ran HJT and removed 4 registry entries related to visited websites. Below I attach the logs from HJT, SR, Combofix and Rootkit Revealer. Please analyze them and point out anything that should possibly be removed. To anticipate any questions about entries containing the strings ASIX, Beckhoff, TwinCAT: they are legitimate. Thanks in advance for your help.

HJT
[code]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19, on 2007-10-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\TwinCAT\EventLogger\TcEventLogger.exe
C:\WINDOWS\Explorer.EXE
C:\TwinCAT\TCATSysSrv.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\wincmd\WINCMD32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7114CAB2-FAEB-4B6A-B2A5-F9E84EF9B2C2}: NameServer = 80.249.0.18,80.249.5.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{725AF909-8CA0-4E56-9524-7E27A2A8698B}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DDE serwer danych bieżących systemu ASIX (AsixCTDDE) - Askom sp. z o.o. - C:\ASIX\SERVIC~1.EXE
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TcEventLogger - Unknown owner - C:\TwinCAT\EventLogger\TcEventLogger.exe
O23 - Service: TwinCAT System Service - BECKHOFF - C:\TwinCAT\TCATSysSrv.exe

--
End of file - 5644 bytes
[/code]

Combofix
[code]
ComboFix 07-10-02.2 - automatyka 2007-10-02 13:23:29.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.282 [GMT 2:00]
Running from: D:\Wojtek_siec\1\Combofix\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 )))))))))))))))))))))))))))))))
.

2007-10-02 13:01 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-02 10:33 d-------- C:\Program Files\Trend Micro
2007-10-01 07:19 d-------- C:\Temp
2007-09-18 11:06 d-------- C:\Documents and Settings\automatyka\Dane aplikacji\Thunderbird
2007-09-13 12:34 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-13 12:34 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-13 12:33 2,848 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-13 12:33 1,494,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-13 12:33 d-------- C:\Program Files\Kaspersky Lab
2007-09-13 12:33 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-02 12:32 3404 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-02 12:32 23156 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2005-08-01 14:08 16 --a------ C:\Documents and Settings\automatyka\piei01.dll

.
((((((((((((((((((((((((((((( snapshot@2007-10-02_13.08.12.10 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 163,328 2007-03-13 08:57:12 C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2001-10-16 16:07]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2001-06-18 14:30]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2007-07-19 16:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll

R2 DriverX;DriverX;C:\WINDOWS\system32\drivers\DriverX.sys
R2 Kmm4xNT;Kmm4xNT;C:\WINDOWS\system32\drivers\Kmm4xNT.sys
R2 TcCam;TwinCAT CAM Server;\??\C:\TwinCAT\Driver\TcCam.sys
R2 TcEventLogger;TcEventLogger;C:\TwinCAT\EventLogger\TcEventLogger.exe
R2 TcIo;TwinCAT IO Server;\??\C:\TwinCAT\Driver\TcIo.sys
R2 TcPlc;TwinCAT IEC1131 Server;\??\C:\TwinCAT\Driver\TcPlc.sys
R2 TcRouter;TwinCAT Router Server;\??\C:\TwinCAT\Driver\TcRouter.sys
R2 TcRTime;TwinCAT Realtime Server;\??\C:\TwinCAT\Driver\TcRTime.sys
R2 TwinCAT System Service;TwinCAT System Service;C:\TwinCAT\TCATSysSrv.exe
R2 WIBUKEY;WIBU-KEY Kernel Driver;C:\WINDOWS\system32\DRIVERS\Wibukey.sys
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S3 AsixCTDDE;DDE serwer danych bieżących systemu ASIX;C:\ASIX\SERVIC~1.EXE
S3 ZSMC303;A4 TECH PC Camera H;C:\WINDOWS\system32\Drivers\usbVM303.sys

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 13:28:33
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-02 13:30:56
C:\ComboFix-quarantined-files.txt ... 2007-10-02 13:30
.
--- E O F ---
[/code]

Silent Runners
[code]
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]
"iKeyWorks" = "C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" ["A4Tech Co.,Ltd."]
"NeroCheck" = "C:\WINDOWS\system32\\NeroCheck.exe" ["Ahead Software Gmbh"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"BigDog303" = "C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)" [file not found]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Active Setup\Installed Components
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub"
    \StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "PDFCreator Toolbar Helper"
    \InProcServer32\(Default) = "C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"
  -> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"
  -> {HKLM...CLSID} = "Statystyki ochrony WWW"
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
<> "AppInit_DLLs" = "C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
<> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers
{00020000-0000-1011-8004-0000C06B5161}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ShellEx.dll" ["Kaspersky Lab"]
TzShell\(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"
  -> {HKLM...CLSID} = "TzShell"
    \InProcServer32\(Default) = "C:\PROGRA~1\TUGZip\TzShell.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZONERMenu\(Default) = "{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Zoner\Photo Studio 8\Program\SHELLEXT8.DLL" [file not found]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZONERMenu\(Default) = "{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Zoner\Photo Studio 8\Program\SHELLEXT8.DLL" [file not found]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ShellEx.dll" ["Kaspersky Lab"]
TzShell\(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"
  -> {HKLM...CLSID} = "TzShell"
    \InProcServer32\(Default) = "C:\PROGRA~1\TUGZip\TzShell.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZONERMenu\(Default) = "{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Zoner\Photo Studio 8\Program\SHELLEXT8.DLL" [file not found]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}"
  -> {HKLM...CLSID} = "PDFCreator Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" = "PDFCreator Toolbar"
  -> {HKLM...CLSID} = "PDFCreator Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
"ButtonText" = "Statystyki ochrony WWW"
{E2E2DD38-D088-4134-82B7-F2BA38496583}
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Kaspersky Anti-Virus 6.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" -r" ["Kaspersky Lab"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
TcEventLogger, TcEventLogger, "C:\TwinCAT\EventLogger\TcEventLogger.exe" [empty string]
TwinCAT System Service, TwinCAT System Service, "C:\TwinCAT\TCATSysSrv.exe" ["BECKHOFF"]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors
HPLJ1018LM\Driver = "ZLhp1018.DLL" ["Zenographics, Inc."]
PDFCreator\Driver = "pdfcmnnt.dll" [null data]

---------- (launch time: 2007-10-02 13:13:48)
<>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 188 seconds.
---------- (total run time: 274 seconds)
[/code]

Rootkit Reveal
[code]
C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\A0DC046Dd01 2007-10-02 11:10 18.72 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\A3FA231Dd01 2007-10-02 10:59 17.05 KB Hidden from Windows API. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\A6912ACEd01 2007-10-02 11:01 42.82 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\A934598Ad01 2007-10-02 11:14 17.98 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\A99ECE49d01 2007-10-02 11:04 55.67 KB Hidden from Windows API. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\B08B3AC2d01 2007-10-02 10:59 19.64 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\B6AD2141d01 2007-10-02 11:07 26.79 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\BA593291d01 2007-10-02 10:59 36.79 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\C19DD2C1d01 2007-10-02 11:23 19.96 KB Visible in Windows API, but not in MFT or directory index. 
C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\C2FD245Cd01 2007-10-02 10:59 17.15 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\C4A02017d01 2007-10-02 10:59 37.77 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\C61AF3EDd01 2007-10-02 11:04 57.48 KB Hidden from Windows API. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\C70EB203d01 2007-10-02 11:14 18.76 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\D04727D4d01 2007-10-02 10:59 16.73 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\D443C928d01 2007-10-02 11:19 18.93 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\D548670Fd01 2007-10-02 10:59 35.95 KB Hidden from Windows API. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\DA1DBC02d01 2007-10-02 11:04 57.48 KB Hidden from Windows API. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\DF4F1B9Dd01 2007-10-02 11:07 18.27 KB Visible in Windows API, but not in MFT or directory index. 
C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\E1BE2913d01 2007-10-02 10:59 21.32 KB Hidden from Windows API. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\E4544C36d01 2007-10-02 11:20 40.49 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\ECA16062d01 2007-10-02 11:23 28.38 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\automatyka\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\v3tk69up.default\Cache\FCCC0923d01 2007-10-02 10:58 18.48 KB Hidden from Windows API. C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf 2007-10-02 10:57 15.65 KB Hidden from Windows API. C:\WINDOWS\Temp\cch~29f372e5f.htp 2007-10-02 10:59 8.00 KB Visible in Windows API, but not in MFT or directory index. C:\WINDOWS\Temp\cch~29f373907.htp 2007-10-02 10:59 8.00 KB Visible in Windows API, but not in MFT or directory index. C:\WINDOWS\Temp\cch~2d5129bdd.htp 2007-10-02 11:03 8.00 KB Visible in Windows API, but not in MFT or directory index. C:\WINDOWS\Temp\cch~2d512a6c5.htp 2007-10-02 11:03 8.00 KB Visible in Windows API, but not in MFT or directory index. C:\WINDOWS\Temp\cch~2de6d509a.htp 2007-10-02 11:04 8.00 KB Visible in Windows API, but not in MFT or directory index. C:\WINDOWS\Temp\cch~2de6d5b19.htp 2007-10-02 11:04 8.00 KB Visible in Windows API, but not in MFT or directory index. C:\WINDOWS\Temp\cch~2dfb1e2cd.htp 2007-10-02 11:04 8.00 KB Visible in Windows API, but not in MFT or directory index. C:\WINDOWS\Temp\cch~2dfb1edaf.htp 2007-10-02 11:04 8.00 KB Visible in Windows API, but not in MFT or directory index. C:\WINDOWS\Temp\cch~2e1973ee1.htp 2007-10-02 11:04 8.00 KB Visible in Windows API, but not in MFT or directory index. 
C:\WINDOWS\Temp\cch~2e19749df.htp 2007-10-02 11:04 8.00 KB Visible in Windows API, but not in MFT or directory index. C:\WINDOWS\Temp\cch~2e19d9cfb.htp 2007-10-02 11:04 8.00 KB Visible in Windows API, but not in MFT or directory index. C:\WINDOWS\Temp\cch~2e19da7d8.htp 2007-10-02 11:04 8.00 KB Visible in Windows API, but not in MFT or directory index. C:\WINDOWS\Temp\cch~2e1a05894.htp 2007-10-02 11:04 8.00 KB Visible in Windows API, but not in MFT or directory index. C:\WINDOWS\Temp\cch~2e1a063d7.htp 2007-10-02 11:04 8.00 KB Visible in Windows API, but not in MFT or directory index. C:\WINDOWS\Temp\cch~4ed8ebd2a.htp 2007-10-02 11:45 8.00 KB Hidden from Windows API. C:\WINDOWS\Temp\cch~4ed8ec974.htp 2007-10-02 11:45 8.00 KB Hidden from Windows API. C:\WINDOWS\Temp\cch~4ed9fe220.htp 2007-10-02 11:45 8.00 KB Hidden from Windows API. C:\WINDOWS\Temp\cch~4ed9fed35.htp 2007-10-02 11:45 8.00 KB Hidden from Windows API. [/code]

Replies: 0

Endrju
Added: 02.10.2007 16:02:05
Comments: 0