[code] HitmanPro 3.7.6.201 www.hitmanpro.com Computer name . . . . : DOM-9AA64BCEBC8 Windows . . . . . . . : 5.1.3.2600.X86/2 User name . . . . . . : DOM-9AA64BCEBC8\Krzysiek License . . . . . . . : Trial (30 days left) Scan date . . . . . . : 2013-07-05 12:05:59 Scan mode . . . . . . : Normal Scan duration . . . . : 17m 19s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : Yes Threats . . . . . . . : 7932 Traces . . . . . . . : 54151 Objects scanned . . . : 717 261 Files scanned . . . . : 73 419 Remnants scanned . . : 168 631 files / 475 211 keys Malware _____________________________________________________________________ C:\Documents and Settings\Kamila\Pulpit\Firefox Setup 4.0.1.exe -> Quarantined Size . . . . . . . : 13 252 488 bytes Age . . . . . . . : 793.6 days (2011-05-03 21:59:59) Entropy . . . . . : 8.0 SHA-256 . . . . . : A27AB47759FF0D60859B80DF6070560939408A8ED08D1EF25E2B9EEEC6F2969D Product . . . . . : Firefox Publisher . . . . : Mozilla Description . . . : Firefox Version . . . . . : 4.42 Copyright . . . . : Mozilla > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 108.0 C:\Documents and Settings\Krzysiek\Pulpit\BS\bot\Switchbotv3.exe -> Deleted Size . . . . . . . : 1 830 912 bytes Age . . . . . . . : 31.1 days (2013-06-04 08:37:00) Entropy . . . . . : 8.0 SHA-256 . . . . . : 59F688C9D6C9178528568D855651C9F04C96AE07996DE472F50F2F3998DAE2B7 > G Data . . . . . . : Trojan.Generic.7074917 (Engine A) > Ikarus . . . . . . : Virus.Win32.Crypt.CMV!IK Fuzzy . . . . . . : 119.0 C:\Documents and Settings\Krzysiek\Pulpit\Programy\Gry\BH Client.exe -> Quarantined Size . . . . . . . : 942 080 bytes Age . . . . . . . : 732.0 days (2011-07-04 12:23:07) Entropy . . . . . : 8.0 SHA-256 . . . . . : 931050A25380D1CC4D22BD1DBAEBFCE5A066E7126FED4CB77D4358C714AF0A1F Product . . . . . : Bleach History Client Publisher . . . . : Bh Team Description . . . : Bleach History Client Version . . . . . 
: 1.00 Copyright . . . . : Copyright (C) Pinokio & Knopers 2011 > G Data . . . . . . : Gen:Trojan.Heur2.UT.5C0@bCDreFCi Fuzzy . . . . . . : 108.0 C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Kookos\tmp.exe -> Deleted Size . . . . . . . : 119 808 bytes Age . . . . . . . : 735.9 days (2011-06-30 15:30:55) Entropy . . . . . : 6.2 SHA-256 . . . . . : C9378B2186003427201EB6DC29C0CB197CE0E47E221987EAD4E1CB215D42B95D > G Data . . . . . . : Gen:Malware.Heur.huW@b0@N1jf > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 106.0 C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Kookos\up.exe -> Deleted Size . . . . . . . : 119 808 bytes Age . . . . . . . : 735.9 days (2011-06-30 15:30:34) Entropy . . . . . : 6.2 SHA-256 . . . . . : C9378B2186003427201EB6DC29C0CB197CE0E47E221987EAD4E1CB215D42B95D > G Data . . . . . . : Gen:Malware.Heur.huW@b0@N1jf > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 106.0 C:\Programy i gry\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe -> Quarantined Size . . . . . . . : 32 768 bytes Age . . . . . . . : 767.7 days (2011-05-29 20:20:08) Entropy . . . . . : 4.5 SHA-256 . . . . . : A25F17EB4B366D779BDC9A0AE7C53280D21DFAF13C62528B9B5E481968FB1A70 Product . . . . . : Adobe Reader PDF Info Publisher . . . . : Adobe Systems Incorporated Description . . . : Adobe Reader PDF Info 7.0 Version . . . . . : 7.0.0.0 Copyright . . . . : Copyright 2004 Adobe Systems Incorporated > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 99.0 C:\Programy i gry\Adobe\Acrobat 7.0\Reader\alg.exe -> Deleted Size . . . . . . . : 862 720 bytes Age . . . . . . . : 143.6 days (2013-02-11 21:21:33) Entropy . . . . . : 7.9 SHA-256 . . . . . : 33600AB909E0C591F1AB3630095D5766D6948DF9FE30632BEEF8F40991444B66 Product . . . . . : EhRJZz Publisher . . . . : 42vsoeeku Description . . . : nCgDK Version . . . . . : 0.91.37042.14012 > G Data . . . . . . : Win32:Downloader-SBH [Trj] > Ikarus . . . . . . 
: Trojan-Downloader.Win32.Agent!IK Fuzzy . . . . . . : 126.0 C:\Programy i gry\Adobe\Acrobat 7.0\Reader\klwtblfs.exe -> Deleted Size . . . . . . . : 828 416 bytes Age . . . . . . . : 74.6 days (2013-04-21 20:51:08) Entropy . . . . . : 7.9 SHA-256 . . . . . : 0E0ABAE6AD38FFF9CDE1B25D6EB2C7CF3C13708BF41871752993A05398FDE0F0 > G Data . . . . . . : Trojan.FakeAlert.DGD (Engine A) > Ikarus . . . . . . : Trojan-PWS.Win32.Tepfer!IK Fuzzy . . . . . . : 125.0 C:\Programy i gry\Adobe\Acrobat 7.0\Reader\mcshield.exe -> Deleted Size . . . . . . . : 828 416 bytes Age . . . . . . . : 74.6 days (2013-04-21 20:49:51) Entropy . . . . . : 7.9 SHA-256 . . . . . : 0E0ABAE6AD38FFF9CDE1B25D6EB2C7CF3C13708BF41871752993A05398FDE0F0 > G Data . . . . . . : Trojan.FakeAlert.DGD (Engine A) > Ikarus . . . . . . : Trojan-PWS.Win32.Tepfer!IK Fuzzy . . . . . . : 125.0 C:\Programy i gry\Adobe\Acrobat 7.0\Reader\mcvsescn.exe -> Deleted Size . . . . . . . : 828 416 bytes Age . . . . . . . : 74.6 days (2013-04-21 20:48:47) Entropy . . . . . : 7.9 SHA-256 . . . . . : 0E0ABAE6AD38FFF9CDE1B25D6EB2C7CF3C13708BF41871752993A05398FDE0F0 > G Data . . . . . . : Trojan.FakeAlert.DGD (Engine A) > Ikarus . . . . . . : Trojan-PWS.Win32.Tepfer!IK Fuzzy . . . . . . : 125.0 C:\Programy i gry\Adobe\Acrobat 7.0\Reader\nvsvc32.exe -> Deleted Size . . . . . . . : 828 416 bytes Age . . . . . . . : 74.6 days (2013-04-21 20:56:08) Entropy . . . . . : 7.9 SHA-256 . . . . . : 0E0ABAE6AD38FFF9CDE1B25D6EB2C7CF3C13708BF41871752993A05398FDE0F0 > G Data . . . . . . : Trojan.FakeAlert.DGD (Engine A) > Ikarus . . . . . . : Trojan-PWS.Win32.Tepfer!IK Fuzzy . . . . . . : 125.0 C:\Programy i gry\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Quarantined Size . . . . . . . : 32 768 bytes Age . . . . . . . : 767.7 days (2011-05-29 20:20:08) Entropy . . . . . : 4.9 SHA-256 . . . . . : 9AB1545EF751F9D5F20A2B7D0E805787ECE8CAF2A22299DEFA1360EAE47FAE04 Product . . . . . : Adobe Acrobat Publisher . . . . : Adobe Systems Incorporated Description . 
. . : Adobe Acrobat SpeedLauncher Version . . . . . : 7.0.0.0 Copyright . . . . : Copyright Adobe Systems Incorporated 2004 > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 99.0 Startup C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk References HKU\S-1-5-21-682003330-1897051121-1417001333-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Adobe\Acrobat 7.0\Reader\reader_sl.exe HKU\S-1-5-21-682003330-1897051121-1417001333-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Adobe\Acrobat 7.0\Reader\reader_sl.exe HKU\S-1-5-21-682003330-1897051121-1417001333-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Adobe\Acrobat 7.0\Reader\reader_sl.exe HKU\S-1-5-21-682003330-1897051121-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programy i gry\Adobe\Acrobat 7.0\Reader\rename.exe -> Deleted Size . . . . . . . : 862 720 bytes Age . . . . . . . : 143.6 days (2013-02-11 22:20:16) Entropy . . . . . : 7.9 SHA-256 . . . . . : 33600AB909E0C591F1AB3630095D5766D6948DF9FE30632BEEF8F40991444B66 Product . . . . . : EhRJZz Publisher . . . . : 42vsoeeku Description . . . : nCgDK Version . . . . . : 0.91.37042.14012 > G Data . . . . . . : Win32:Downloader-SBH [Trj] > Ikarus . . . . . . : Trojan-Downloader.Win32.Agent!IK Fuzzy . . . . . . : 119.0 C:\Programy i gry\Adobe\Acrobat 7.0\Reader\wisptis.exe -> Deleted Size . . . . . . . : 828 416 bytes Age . . . . . . . : 74.6 days (2013-04-21 20:47:53) Entropy . . . . . : 7.9 SHA-256 . . . . . : 0E0ABAE6AD38FFF9CDE1B25D6EB2C7CF3C13708BF41871752993A05398FDE0F0 > G Data . . . . . . : Trojan.FakeAlert.DGD (Engine A) > Ikarus . . . . . . : Trojan-PWS.Win32.Tepfer!IK Fuzzy . . . . . . : 132.0 C:\Programy i gry\CCleaner\uninst.exe -> Quarantined Size . . . . . . . : 76 016 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:29:47) Entropy . . . . . 
: 6.2 SHA-256 . . . . . : 857279E95234FA7FD9F42AF47C5D1ED81E4F8E1AE4BFD5F35FFD1F7AE177743A Product . . . . . : CCleaner Publisher . . . . : Piriform Ltd Description . . . : CCleaner Installer Version . . . . . : 2.0.0.0 Copyright . . . . : ©2005-2008 Piriform Ltd > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 108.0 References C:\Documents and Settings\Krzysiek\Menu Start\Programy\CCleaner\Uninstall CCleaner.lnk C:\Programy i gry\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe -> Quarantined Size . . . . . . . : 614 400 bytes Age . . . . . . . : 710.5 days (2011-07-26 00:32:41) Entropy . . . . . : 6.2 SHA-256 . . . . . : B0711A48A47EE49079B86D98D3B8684604F316C82ADCE3D92D3B4AD0C17BAE55 Product . . . . . : InstallShield (R) Publisher . . . . : InstallShield Software Corporation Description . . . : InstallShield (R) Setup Engine Version . . . . . : 6.31.100.1221 Copyright . . . . : Copyright (C) 1990-2001 InstallShield Software Corporation > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 100.0 References HKU\S-1-5-21-682003330-1897051121-1417001333-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe C:\Programy i gry\Java\jre6\bin\java-rmi.exe -> Quarantined Size . . . . . . . : 31 520 bytes Age . . . . . . . : 717.4 days (2011-07-19 02:12:02) Entropy . . . . . : 5.6 SHA-256 . . . . . : 0D4F569E6AE78145F6F4297992B81B1ABB290259E63A6EC39A50021DD6869DAD > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 116.0 C:\Programy i gry\Java\jre6\bin\java.exe -> Quarantined Size . . . . . . . : 136 992 bytes Age . . . . . . . : 717.4 days (2011-07-19 02:12:02) Entropy . . . . . : 6.2 SHA-256 . . . . . : 817A33E29D1B0E52F85D5A31A3FA357166FB10F5C2DB61DE6675E2ED1241A358 Product . . . . . : Java(TM) Platform SE 6 U27 Publisher . . . . : Sun Microsystems, Inc. Description . . . : Java(TM) Platform SE binary Version . . . . . : 6.0.270.7 Copyright . . . . 
: Copyright © 2011 > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 106.0 References HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Java\jre6\bin\java.exe HKU\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Java\jre6\bin\java.exe C:\Programy i gry\Java\jre6\bin\javaw.exe -> Quarantined Size . . . . . . . : 136 992 bytes Age . . . . . . . : 717.4 days (2011-07-19 02:12:02) Entropy . . . . . : 6.2 SHA-256 . . . . . : 7636990B312997DABBBB0ECBDAE1EC3E86484E8D9979998A9308F7362CFB01AF Product . . . . . : Java(TM) Platform SE 6 U27 Publisher . . . . : Sun Microsystems, Inc. Description . . . : Java(TM) Platform SE binary Version . . . . . : 6.0.270.7 Copyright . . . . : Copyright © 2011 > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 100.0 References HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Java\jre6\bin\javaw.exe HKU\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Java\jre6\bin\javaw.exe C:\Programy i gry\Java\jre6\bin\keytool.exe -> Quarantined Size . . . . . . . : 31 520 bytes Age . . . . . . . : 717.4 days (2011-07-19 02:12:04) Entropy . . . . . : 5.5 SHA-256 . . . . . : DC628FC3827DD213AD41DA526D0845744EDFBCB3EBBC205E44DD87892DF7997D > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 116.0 C:\Programy i gry\Java\jre6\bin\kinit.exe -> Quarantined Size . . . . . . . : 31 520 bytes Age . . . . . . . : 717.4 days (2011-07-19 02:12:04) Entropy . . . . . : 5.5 SHA-256 . . . . . : E78980C85C5144256D739D653735620E81768434306E12384BA98F2A36EB5C27 > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 116.0 C:\Programy i gry\Java\jre6\bin\klist.exe -> Quarantined Size . . . . . . . : 31 520 bytes Age . . . . . . . : 717.4 days (2011-07-19 02:12:04) Entropy . . . . . : 5.5 SHA-256 . . . . . : B9F57D64F4599601EBAB30AAA6E6356CD0689D8A9789452E07A867E6DC0E5DAD > Ikarus . . . . . . 
: Virus.Win32.Sality!IK Fuzzy . . . . . . : 116.0 C:\Programy i gry\Java\jre6\bin\ktab.exe -> Quarantined Size . . . . . . . : 39 712 bytes Age . . . . . . . : 717.4 days (2011-07-19 02:12:04) Entropy . . . . . : 6.9 SHA-256 . . . . . : 6DB90D0FA33423750E16EDDD00501A13696EA4B1BC3870BC8CBBE5BA3A0D76D1 Product . . . . . : Java(TM) Platform SE 6 U27 Publisher . . . . : Sun Microsystems, Inc. Description . . . : Java(TM) Platform SE binary Version . . . . . : 6.0.270.7 Copyright . . . . : Copyright © 2011 > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 106.0 C:\Programy i gry\Java\jre6\bin\orbd.exe -> Quarantined Size . . . . . . . : 31 520 bytes Age . . . . . . . : 717.4 days (2011-07-19 02:12:06) Entropy . . . . . : 5.6 SHA-256 . . . . . : 19DF3B25497163CFAC2597B06CCE75D7A3513390C2E3C4EE674D1CCA167B7A04 > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 116.0 C:\Programy i gry\Java\jre6\bin\pack200.exe -> Quarantined Size . . . . . . . : 31 520 bytes Age . . . . . . . : 717.4 days (2011-07-19 02:12:06) Entropy . . . . . : 5.6 SHA-256 . . . . . : 87007CED0B963F90C829AD0534362CBA446B1BD0E643C1F7FE4B106DC8C334F1 > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 116.0 C:\Programy i gry\Java\jre6\bin\policytool.exe -> Quarantined Size . . . . . . . : 31 520 bytes Age . . . . . . . : 717.4 days (2011-07-19 02:12:06) Entropy . . . . . : 5.5 SHA-256 . . . . . : E35B7D1E6000B00D6F563EF10180B19B28ED8F7804089831D578BFCE92883BF1 > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 116.0 C:\Programy i gry\Java\jre6\bin\rmid.exe -> Quarantined Size . . . . . . . : 31 520 bytes Age . . . . . . . : 717.4 days (2011-07-19 02:12:06) Entropy . . . . . : 5.5 SHA-256 . . . . . : EE1B2226754CC492AF68F34A52A73ADBB679B2174F9B104C1EC5D9418D8E050F > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 116.0 C:\Programy i gry\Java\jre6\bin\rmiregistry.exe -> Quarantined Size . . . . . . . : 35 616 bytes Age . . . . . . . 
: 717.4 days (2011-07-19 02:12:06) Entropy . . . . . : 6.7 SHA-256 . . . . . : 68545D2D10E482E8FB6AB7E55A867DB7E86FD62E550D6AB1C1C8B2F17ADD0168 Product . . . . . : Java(TM) Platform SE 6 U27 Publisher . . . . : Sun Microsystems, Inc. Description . . . : Java(TM) Platform SE binary Version . . . . . : 6.0.270.7 Copyright . . . . : Copyright © 2011 > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 106.0 C:\Programy i gry\Java\jre6\bin\servertool.exe -> Quarantined Size . . . . . . . : 39 712 bytes Age . . . . . . . : 717.4 days (2011-07-19 02:12:06) Entropy . . . . . : 6.9 SHA-256 . . . . . : 46858243EF4441270F355C30E6C89A4F9C22C41239BB44458B9930978D0C67F6 Product . . . . . : Java(TM) Platform SE 6 U27 Publisher . . . . : Sun Microsystems, Inc. Description . . . : Java(TM) Platform SE binary Version . . . . . : 6.0.270.7 Copyright . . . . : Copyright © 2011 > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 106.0 C:\Programy i gry\Java\jre6\bin\tnameserv.exe -> Quarantined Size . . . . . . . : 35 616 bytes Age . . . . . . . : 717.4 days (2011-07-19 02:12:08) Entropy . . . . . : 6.7 SHA-256 . . . . . : FDECF9A1CC18F7AEC487E3308CB5E63919A837CB7DCE05EAD00A58F5978E0445 Product . . . . . : Java(TM) Platform SE 6 U27 Publisher . . . . : Sun Microsystems, Inc. Description . . . : Java(TM) Platform SE binary Version . . . . . : 6.0.270.7 Copyright . . . . : Copyright © 2011 > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 106.0 C:\Programy i gry\PuTTY\pageant.exe -> Quarantined Size . . . . . . . : 139 264 bytes Age . . . . . . . : 420.8 days (2012-05-10 17:37:53) Entropy . . . . . : 6.5 SHA-256 . . . . . : 4953732788C5FC63EB800BC0ADE1C4BF902447A92A12ACB2B562F4BDCFDBB68F Product . . . . . : PuTTY suite Publisher . . . . : Simon Tatham Description . . . : PuTTY SSH authentication agent Version . . . . . : Release Copyright . . . . : Copyright © 1997-2011 Simon Tatham. > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . 
: 103.0 References C:\Documents and Settings\All Users\Menu Start\Programy\PuTTY\Pageant.lnk C:\Programy i gry\PuTTY\plink.exe -> Deleted Size . . . . . . . : 315 392 bytes Age . . . . . . . : 420.8 days (2012-05-10 17:37:53) Entropy . . . . . : 6.7 SHA-256 . . . . . : E9A4115DD74B907728C3A1C5E0CD89545BEDF825D77FB3524E3E9982ECF6B2C9 Product . . . . . : PuTTY suite Publisher . . . . : Simon Tatham Description . . . : Command-line SSH, Telnet, and Rlogin client Version . . . . . : Release Copyright . . . . : Copyright © 1997-2011 Simon Tatham. > G Data . . . . . . : Gen:Malware.Heur.tq0@bueB@iei > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 109.0 C:\Programy i gry\PuTTY\pscp.exe -> Deleted Size . . . . . . . : 323 584 bytes Age . . . . . . . : 420.8 days (2012-05-10 17:37:53) Entropy . . . . . : 6.7 SHA-256 . . . . . : 5B02A26B2899FCC3F06A225AA53340936E5431688443A91CFDC4B6B1E984A5FE Product . . . . . : PuTTY suite Publisher . . . . : Simon Tatham Description . . . : Command-line SCP/SFTP client Version . . . . . : Release Copyright . . . . : Copyright © 1997-2011 Simon Tatham. > G Data . . . . . . : Gen:Malware.Heur.tq0@bqC34Nhi > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 109.0 C:\Programy i gry\PuTTY\putty.exe -> Quarantined Size . . . . . . . : 483 328 bytes Age . . . . . . . : 420.8 days (2012-05-10 17:37:53) Entropy . . . . . : 6.6 SHA-256 . . . . . : 1255346F1E7A1A83AE93B9478540E07FAC8FE5EBA11C3F1062E68787C6259DAF Product . . . . . : PuTTY suite Publisher . . . . : Simon Tatham Description . . . : SSH, Telnet and Rlogin client Version . . . . . : Release Copyright . . . . : Copyright © 1997-2011 Simon Tatham. > Ikarus . . . . . . : Trojan.Win32.Swrort!IK Fuzzy . . . . . . : 99.0 References C:\Documents and Settings\All Users\Menu Start\Programy\PuTTY\PuTTY.lnk C:\Programy i gry\PuTTY\puttygen.exe -> Quarantined Size . . . . . . . : 180 224 bytes Age . . . . . . . : 420.8 days (2012-05-10 17:37:53) Entropy . . . . . 
: 6.7 SHA-256 . . . . . : F82D7E8E0C7F38FE29360439769DA72CA2321075087F1305DE5F5AF31123F4B7 Product . . . . . : PuTTY suite Publisher . . . . : Simon Tatham Description . . . : PuTTY SSH key generation utility Version . . . . . : Release Copyright . . . . : Copyright © 1997-2011 Simon Tatham. > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 103.0 References C:\Documents and Settings\All Users\Menu Start\Programy\PuTTY\PuTTYgen.lnk C:\Programy i gry\Real Alternative\Media Player Classic\mplayerc.exe -> Quarantined Size . . . . . . . : 4 409 792 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:16:59) Entropy . . . . . : 6.6 SHA-256 . . . . . : 3CF33DD356D829428951592F940BCDC27F321E79C46BDB8A614B175ED85B49D9 Product . . . . . : Media Player Classic Publisher . . . . : Gabest Description . . . : Media Player Classic Version . . . . . : 6.4.9.1 Copyright . . . . : Copyright (C) 2002-2009 Gabest et al. > Ikarus . . . . . . : Packed.Win32.Katusha!IK Fuzzy . . . . . . : 100.0 References C:\Documents and Settings\All Users\Menu Start\Programy\Real Alternative\Media Player Classic.lnk HKU\S-1-5-21-682003330-1897051121-1417001333-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Real Alternative\Media Player Classic\mplayerc.exe C:\Programy i gry\Teamspeak2_RC2\TeamSpeak.exe -> Deleted Size . . . . . . . : 1 447 424 bytes Age . . . . . . . : 3597.8 days (2003-08-29 16:13:04) Entropy . . . . . : 6.5 SHA-256 . . . . . : 5FE6B70FAAAF9ED156ED2C10F25A5B591D3F1C9B429D5D9FE88E7C5EB94ACD8A Product . . . . . : TeamSpeak 2 Client Publisher . . . . : Dominating Bytes Design Description . . . : The TeamSpeak 2 client Version . . . . . : 2.0.32.60 Copyright . . . . : (c) 2002-2003 Dominating Bytes Design > G Data . . . . . . : Gen:Malware.Heur.yH0@bCwNG0yG > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . 
: 108.0 References C:\Documents and Settings\All Users\Menu Start\Programy\Teamspeak2 RC2\Teamspeak RC2.lnk C:\Programy i gry\Trust\GXT14 Mouse\StartAutorun.exe -> Quarantined Size . . . . . . . : 210 304 bytes Age . . . . . . . : 581.8 days (2011-12-01 17:21:45) Entropy . . . . . : 6.2 SHA-256 . . . . . : CEF3A42D2116B4ABFCE19FD1B0ABCC2584C4687C92168685E35CFB62D41C8097 Product . . . . . : DRIVER AUTORUN Publisher . . . . : UASSOFT.COM Description . . . : DRIVER AUTORUN Version . . . . . : 1.0.0.1 Copyright . . . . : UASSOFT.COM Parent Name . . . : C:\Programy i gry\Trust\GXT14 Mouse\POINTERGHOST.exe Running processes : 2976 > Ikarus . . . . . . : Trojan-Downloader.Win32.Banload!IK Fuzzy . . . . . . : 114.0 References HKU\S-1-5-21-682003330-1897051121-1417001333-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Trust\GXT14 Mouse\StartAutorun.exe HKU\S-1-5-21-682003330-1897051121-1417001333-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Trust\GXT14 Mouse\StartAutorun.exe HKU\S-1-5-21-682003330-1897051121-1417001333-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Trust\GXT14 Mouse\StartAutorun.exe C:\Programy i gry\Trust\GXT14 Mouse\StartAutorunAsAdmin.exe -> Quarantined Size . . . . . . . : 221 184 bytes Age . . . . . . . : 581.8 days (2011-12-01 17:21:45) Entropy . . . . . : 6.2 SHA-256 . . . . . : 2B6626DD2D88E4BFB5297E2897813EFD1DA6E03C9D1BB392CD24857056B5CF90 Product . . . . . : DRIVER AUTORUN Publisher . . . . : UASSOFT.COM Description . . . : DRIVER AUTORUN Version . . . . . : 1.0.0.1 Copyright . . . . : UASSOFT.COM > Ikarus . . . . . . : Trojan-Downloader.Win32.Banload!IK Fuzzy . . . . . . : 114.0 C:\Programy i gry\Vimicro\VM305B\Driver AutoInstall\Driver Files\Amcap.exe -> Deleted Size . . . . . . . : 188 416 bytes Age . . . . . . . : 794.8 days (2011-05-02 17:23:58) Entropy . . . . . : 6.3 SHA-256 . . . . . : 0AD6B2DF18A4158E491F0F60609A993DC8AE1B3B75E85FE2F1E799CCD3F89AD4 Product . . . . . 
: DirectX 9.0 Sample Publisher . . . . : Microsoft Corporation Description . . . : Capture Application (Sample) Version . . . . . : 9.00 Copyright . . . . : Copyright (C) 1992-2002 Microsoft Corporation > G Data . . . . . . : Gen:Malware.Heur.lq0@bSu1itgb > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 108.0 References C:\Documents and Settings\All Users\Menu Start\Programy\A4 TECH USB PC Camera V\AMCAP.lnk C:\Documents and Settings\Krzysiek\Pulpit\Programy\Inne\VAmcap.lnk C:\Programy i gry\Vimicro\VM305B\Driver AutoInstall\Driver Files\Sti305.exe -> Quarantined Size . . . . . . . : 53 248 bytes Age . . . . . . . : 794.8 days (2011-05-02 17:23:59) Entropy . . . . . : 4.8 SHA-256 . . . . . : 19C4EAEFB43B87C1051CAAB22430E288B10B001201A0BD99D3C2CACC77F58E7F > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 117.0 C:\Programy i gry\Vimicro\VM305B\Driver AutoInstall\Driver Files\VM305Cap.exe -> Deleted Size . . . . . . . : 122 880 bytes Age . . . . . . . : 794.8 days (2011-05-02 17:23:59) Entropy . . . . . : 5.8 SHA-256 . . . . . : 9C063829E0717AE24FF2824FF4C1729DD3243F8545EEAD231CA1691D01936B19 > G Data . . . . . . : Gen:Malware.Heur.hq0@bClBWihb > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 120.0 C:\Programy i gry\Windows Media Player\WMPNetwk.exe Size . . . . . . . : 918 016 bytes Age . . . . . . . : 794.8 days (2011-05-02 17:02:50) Entropy . . . . . : 6.5 SHA-256 . . . . . : E48A003F3CF9AB649E92245EA2A498F6A8D57DF5018A9EC8CBD3FECB972062F6 Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Usługa udostępniania w sieci programu Windows Media Player Version . . . . . : 11.0.5721.5145 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. Service . . . . . : WMPNetworkSvc > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . 
: 122.0 Startup HKLM\SYSTEM\CurrentControlSet\Services\WMPNetworkSvc\ C:\Programy i gry\Windows NT\hypertrm.exe -> Deleted Size . . . . . . . : 39 936 bytes Age . . . . . . . : 794.8 days (2011-05-02 17:02:30) Entropy . . . . . : 6.0 SHA-256 . . . . . : 8F8BF94402A345453CE2F371686F3B1093895BC7FD3BE9E3D8ACFFAE7B518CEC Product . . . . . : Microsoft® Windows® Operating System Publisher . . . . : Hilgraeve, Inc. Description . . . : HyperTerminal Applet Version . . . . . : 5.1.2600.0 Copyright . . . . : Copyright © Hilgraeve, Inc. 2001 > G Data . . . . . . : Gen:Malware.Heur.cm0@buMcUQli > Ikarus . . . . . . : Virus.Win32.Sality!IK Fuzzy . . . . . . : 108.0 References C:\Documents and Settings\All Users\Menu Start\Programy\Akcesoria\Komunikacja\HyperTerminal.lnk C:\WINDOWS\ccapp.exe -> Deleted Size . . . . . . . : 862 720 bytes Age . . . . . . . : 143.6 days (2013-02-11 21:21:31) Entropy . . . . . : 7.9 SHA-256 . . . . . : 33600AB909E0C591F1AB3630095D5766D6948DF9FE30632BEEF8F40991444B66 Product . . . . . : EhRJZz Publisher . . . . : 42vsoeeku Description . . . : nCgDK Version . . . . . : 0.91.37042.14012 > G Data . . . . . . : Win32:Downloader-SBH [Trj] > Ikarus . . . . . . : Trojan-Downloader.Win32.Agent!IK Fuzzy . . . . . . : 115.0 C:\WINDOWS\ccsetmgr.exe -> Deleted Size . . . . . . . : 828 416 bytes Age . . . . . . . : 74.6 days (2013-04-21 20:49:51) Entropy . . . . . : 7.9 SHA-256 . . . . . : 0E0ABAE6AD38FFF9CDE1B25D6EB2C7CF3C13708BF41871752993A05398FDE0F0 > G Data . . . . . . : Trojan.FakeAlert.DGD (Engine A) > Ikarus . . . . . . : Trojan-PWS.Win32.Tepfer!IK Fuzzy . . . . . . : 121.0 C:\WINDOWS\em_exec.exe -> Deleted Size . . . . . . . : 828 416 bytes Age . . . . . . . : 74.6 days (2013-04-21 20:51:08) Entropy . . . . . : 7.9 SHA-256 . . . . . : 0E0ABAE6AD38FFF9CDE1B25D6EB2C7CF3C13708BF41871752993A05398FDE0F0 > G Data . . . . . . : Trojan.FakeAlert.DGD (Engine A) > Ikarus . . . . . . : Trojan-PWS.Win32.Tepfer!IK Fuzzy . . . . . . 
: 121.0 C:\WINDOWS\htpatch.exe -> Deleted Size . . . . . . . : 828 416 bytes Age . . . . . . . : 74.6 days (2013-04-21 20:56:08) Entropy . . . . . : 7.9 SHA-256 . . . . . : 0E0ABAE6AD38FFF9CDE1B25D6EB2C7CF3C13708BF41871752993A05398FDE0F0 > G Data . . . . . . : Trojan.FakeAlert.DGD (Engine A) > Ikarus . . . . . . : Trojan-PWS.Win32.Tepfer!IK Fuzzy . . . . . . : 121.0 C:\WINDOWS\ieuser.exe -> Deleted Size . . . . . . . : 828 416 bytes Age . . . . . . . : 74.6 days (2013-04-21 20:47:53) Entropy . . . . . : 7.9 SHA-256 . . . . . : 0E0ABAE6AD38FFF9CDE1B25D6EB2C7CF3C13708BF41871752993A05398FDE0F0 > G Data . . . . . . : Trojan.FakeAlert.DGD (Engine A) > Ikarus . . . . . . : Trojan-PWS.Win32.Tepfer!IK Fuzzy . . . . . . : 128.0 C:\WINDOWS\navapsvc.exe -> Deleted Size . . . . . . . : 828 416 bytes Age . . . . . . . : 74.6 days (2013-04-21 20:48:46) Entropy . . . . . : 7.9 SHA-256 . . . . . : 0E0ABAE6AD38FFF9CDE1B25D6EB2C7CF3C13708BF41871752993A05398FDE0F0 > G Data . . . . . . : Trojan.FakeAlert.DGD (Engine A) > Ikarus . . . . . . : Trojan-PWS.Win32.Tepfer!IK Fuzzy . . . . . . : 121.0 C:\WINDOWS\notepad.exe Size . . . . . . . : 69 792 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:55:07) Entropy . . . . . : 5.9 SHA-256 . . . . . : 745A41272132B77F859472D59457CF31AE648436A66851F158EB6900DB0640BA Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Notatnik Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 117.0 References HKU\S-1-5-21-682003330-1897051121-1417001333-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\notepad.exe C:\WINDOWS\System32\alg.exe Size . . . . . . . : 44 544 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 6.2 SHA-256 . . . . . : 95694ED64AA5E0AFEA51064AC9D7D8D6F2BB17692DAA38B468196C1BA081B2DB Product . . . . . 
: Microsoft® Windows® Operating System Publisher . . . . : Microsoft Corporation Description . . . : Application Layer Gateway Service Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. All rights reserved. Service . . . . . : ALG > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 113.0 Startup HKLM\SYSTEM\CurrentControlSet\Services\ALG\ C:\WINDOWS\system32\cidaemon.exe Size . . . . . . . : 8 192 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:42:09) Entropy . . . . . : 5.3 SHA-256 . . . . . : 19ED151AD6DA7A86D57A79C732EE02FB6CF42DD42FA25E377227B943C68ED042 Product . . . . . : Microsoft® Windows® Operating System Publisher . . . . : Microsoft Corporation Description . . . : Indexing Service filter daemon Version . . . . . : 5.1.2600.0 Copyright . . . . : © Microsoft Corporation. All rights reserved. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 110.0 C:\WINDOWS\system32\cisvc.exe Size . . . . . . . : 5 632 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 4.2 SHA-256 . . . . . : 6459A6EA2692D54C936B523D39AE4A60A46FA333407BA9E4FF4CDFD2C78A5E4B Product . . . . . : Microsoft® Windows® Operating System Publisher . . . . : Microsoft Corporation Description . . . : Content Index service Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. All rights reserved. Service . . . . . : CiSvc > Ikarus . . . . . . : Trojan.Win32.Spy!IK Fuzzy . . . . . . : 110.0 Startup HKLM\SYSTEM\CurrentControlSet\Services\CiSvc\ C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\JT9VXQC1\instcod[1].exe -> Deleted Size . . . . . . . : 23 040 bytes Age . . . . . . . : 184.8 days (2013-01-01 16:50:21) Entropy . . . . . : 6.3 SHA-256 . . . . . : D7B690A5D1F60D48E52096D1731F35747AC89A1847F048EC16D182D44CE77D6A > G Data . . . . . . : Gen:Variant.Symmi.8629 (Engine A) > Ikarus . . . . . . : Trojan-PSW.Win32.Tepfer!IK Fuzzy . . . . . . 
: 106.0 C:\WINDOWS\system32\find.exe Size . . . . . . . : 9 216 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:43:24) Entropy . . . . . : 5.6 SHA-256 . . . . . : BFF779EE78421220B3FA1820F5FA0A93EA84AEF991034EF8E548E02FE1D7BC6C Product . . . . . : Microsoft® Windows® Operating System Publisher . . . . : Microsoft Corporation Description . . . : Find String (grep) Utility Version . . . . . : 5.1.2600.0 Copyright . . . . : © Microsoft Corporation. All rights reserved. > Ikarus . . . . . . : Trojan.Win32.Spy!IK Fuzzy . . . . . . : 110.0 C:\WINDOWS\system32\fltMc.exe Size . . . . . . . : 23 040 bytes Age . . . . . . . : 794.8 days (2011-05-02 17:03:55) Entropy . . . . . : 4.8 SHA-256 . . . . . : A6C9A4205B32C82B4E81E3B78DA6E462693261EF004964AFCCCFB6514642A2FA Product . . . . . : Microsoft® Windows® Operating System Publisher . . . . : Microsoft Corporation Description . . . : Filter Manager Control Program Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. All rights reserved. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 107.0 C:\WINDOWS\system32\logon.scr Size . . . . . . . : 220 400 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 4.1 SHA-256 . . . . . : 877F2FE77C1C744D91BA4D7C46897E370124AAAB26F7EF04FDDE906AE8DE3F73 Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Wygaszacz ekranu logowania Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 107.0 C:\WINDOWS\system32\msfeedssync.exe Size . . . . . . . : 13 312 bytes Age . . . . . . . : 1580.3 days (2009-03-08 04:31:54) Entropy . . . . . : 5.4 SHA-256 . . . . . : F58B69A38A0D12478BB452E307A861177DC8B03D34B3D91DE45A6D3AE9FAD80D Product . . . . . : Windows® Internet Explorer Publisher . . . . : Microsoft Corporation Description . . . 
: Microsoft Feeds Synchronization Version . . . . . : 8.00.6001.18702 Copyright . . . . : © Microsoft Corporation. All rights reserved. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 121.0 C:\WINDOWS\system32\msiexec.exe Size . . . . . . . : 95 744 bytes Age . . . . . . . : 1873.4 days (2008-05-19 01:57:42) Entropy . . . . . : 6.1 SHA-256 . . . . . : 1A0FD1A186668B034ECB9A4F6C695C6C12D44C17BD4387A9CA7D3A9B0B4BA2CD Product . . . . . : Windows Installer - Unicode Publisher . . . . : Microsoft Corporation Description . . . : Windows® installer Version . . . . . : 4.5.6001.22159 Copyright . . . . : © Microsoft Corporation. All rights reserved. Service . . . . . : MSIServer > Ikarus . . . . . . : Trojan.Win32.Jorik!IK Fuzzy . . . . . . : 124.0 Startup HKLM\SYSTEM\CurrentControlSet\Services\MSIServer\ References C:\Documents and Settings\All Users\Menu Start\Programy\LogMeIn Hamachi\Uninstall.lnk C:\WINDOWS\system32\NOTEPAD.EXE Size . . . . . . . : 69 792 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 5.9 SHA-256 . . . . . : 9B3337C0408909980E118C907D2E5A9897CC02A342158D0416726865656130F9 Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Notatnik Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . 
: 110.0 References C:\Documents and Settings\Default User\Menu Start\Programy\Akcesoria\Notatnik.lnk C:\Documents and Settings\Krzysiek\Menu Start\Programy\Akcesoria\Notatnik.lnk C:\Documents and Settings\Mama\Menu Start\Programy\Akcesoria\Notatnik.lnk C:\Documents and Settings\Tata\Menu Start\Programy\Akcesoria\Notatnik.lnk C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Notatnik.lnk HKU\S-1-5-21-682003330-1897051121-1417001333-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\NOTEPAD.EXE HKU\S-1-5-21-682003330-1897051121-1417001333-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\notepad.exe HKU\S-1-5-21-682003330-1897051121-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\pentnt.exe Size . . . . . . . : 15 360 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:43:24) Entropy . . . . . : 4.0 SHA-256 . . . . . : 95F54577081FF6D6C8796B917051CECC4F7B387D8DF539E9CDE8BF154952B885 Product . . . . . : Microsoft® Windows® Operating System Publisher . . . . : Microsoft Corporation Description . . . : Pentium Floating Point Divide Error Utility Version . . . . . : 5.1.2600.0 Copyright . . . . : © Microsoft Corporation. All rights reserved. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 107.0 C:\WINDOWS\system32\perfmon.exe Size . . . . . . . : 15 872 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 5.3 SHA-256 . . . . . : 839FBE1A3B6B3917A440101DB43A958AB6758C03A4A502F82EF5D424C5B4BD53 Product . . . . . : Microsoft® Windows® Operating System Publisher . . . . : Microsoft Corporation Description . . . : Performance Monitor Command Line Shell Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. All rights reserved. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 110.0 C:\WINDOWS\system32\scrnsave.scr Size . . . . . . . : 8 832 bytes Age . . . . . . . 
: 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 4.8 SHA-256 . . . . . : 33CBFCC5E48BDFCC5C230A8C3F9AB95F8BA3D2857E023769C56C14A507566290 Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Domyślny wygaszacz ekranu Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 107.0 C:\WINDOWS\system32\ss3dfo.scr Size . . . . . . . : 704 800 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 6.9 SHA-256 . . . . . : A07FA1CCDB7A79584CC5EE8645B3FDDB8BA4140AF808121FB6C55731C7C2A310 Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Wygaszacz ekranu Latające obiekty Direct3D Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 110.0 C:\WINDOWS\system32\ssmarque.scr Size . . . . . . . : 20 752 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 5.7 SHA-256 . . . . . : 93FCA5F306BF1CC24C9FDEACDE537D6F358ABF08F53A51C42138E0F8C7E9B6C2 Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Wygaszacz ekranu Neon Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 110.0 C:\WINDOWS\system32\ssmyst.scr Size . . . . . . . : 18 704 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 5.7 SHA-256 . . . . . : 548E21ED4970F584D033B4F377F1DEF2C20FBC356D01D32FDD0BB9BB00279060 Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Wygaszacz ekranu Ukryj swe myśli Version . . . . . 
: 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 110.0 C:\WINDOWS\system32\sspipes.scr Size . . . . . . . : 607 360 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 6.5 SHA-256 . . . . . : BC125173109BDD340B83FA0B47A89B07A8FB405C9375C200966F524DE77FA6B8 Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Wygaszacz ekranu Rurociąg Direct3D Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 110.0 C:\WINDOWS\system32\ssstars.scr Size . . . . . . . : 14 336 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 5.5 SHA-256 . . . . . : 8483A3C72B2C6563BB88BDAF02EA0C902846E0A37FAD76F1A481D3066CF1559E Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Wygaszacz ekranu Droga mleczna Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 110.0 C:\WINDOWS\system32\sstext3d.scr Size . . . . . . . : 679 792 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 6.7 SHA-256 . . . . . : 9FCB653D48AA961377EEF359CDDC697FF12358EF182FC14D130A70925C622594 Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Wygaszacz ekranu Tekst 3W Direct3D Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 110.0 C:\WINDOWS\system32\syskey.exe Size . . . . . . . : 37 072 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:43:24) Entropy . . . . . : 5.5 SHA-256 . . . . . 
: 160DE6EE865C61C830E428390B5DD78DB92F561F776BA35CB7DE8BBD887AA402 Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Narzędzie blokady menedżera SAM Version . . . . . : 5.1.2600.0 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 110.0 C:\WINDOWS\system32\usrmlnka.exe Size . . . . . . . : 77 824 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 5.9 SHA-256 . . . . . : EC79CC3C6F23B65BDEADE77BDD077587763DDF5444C2E1AC33BD4D8FB1DC42DE Product . . . . . : U.S. Robotics Modem Driver Publisher . . . . : U.S. Robotics Corporation Description . . . : U.S. Robotics driver interface Version . . . . . : 4. Copyright . . . . : Copyright (C) © 2000 U.S. Robotics Corporation > Ikarus . . . . . . : Virus.Win32.Crytex!IK Fuzzy . . . . . . : 113.0 C:\WINDOWS\system32\usrprbda.exe Size . . . . . . . : 61 440 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 5.2 SHA-256 . . . . . : 7F6D03B997C62D8EBE187F047CC4687162584CDABA5B357049FF9E4F12FF4BE4 Product . . . . . : U.S. Robotics modem Publisher . . . . : U.S. Robotics Corporation Description . . . : U.S. Robotics enable/disable probe Version . . . . . : 4. Copyright . . . . : Copyright (C) © 2000 U.S. Robotics Corporation > Ikarus . . . . . . : Virus.Win32.Crytex!IK Fuzzy . . . . . . : 113.0 C:\WINDOWS\system32\wiaacmgr.exe Size . . . . . . . : 445 440 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:44:34) Entropy . . . . . : 6.2 SHA-256 . . . . . : 39D9830AF4700776A2E3F4EA034BA637C1228D9D4DFE237D362C747F70FA4FC6 Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Kreator pozyskiwania obrazów systemu Windows Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. > G Data . . . . . . 
: Win32.Virtob.Gen.9 > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 110.0 References C:\Documents and Settings\All Users\Menu Start\Programy\Akcesoria\Scanner and Camera Wizard.lnk C:\WINDOWS\system32\wscript.exe Size . . . . . . . : 155 648 bytes Age . . . . . . . : 1883.9 days (2008-05-08 13:24:44) Entropy . . . . . : 5.6 SHA-256 . . . . . : 208F41F277E7A9AF05ED98B00DDE97D482F90E0F133EC2A5F50DEE5974AEB1CE Product . . . . . : Microsoft (R) Windows Script Host Publisher . . . . : Microsoft Corporation Description . . . : Microsoft (R) Windows Based Script Host Version . . . . . : 5.7.0.18066 Copyright . . . . : Copyright (C) Microsoft Corp. 1996-2006, All Rights Reserved > Ikarus . . . . . . : Trojan.Win32.Spy!IK Fuzzy . . . . . . : 121.0 C:\WINDOWS\twunk_32.exe Size . . . . . . . : 25 600 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:43:59) Entropy . . . . . : 6.0 SHA-256 . . . . . : 8D1C21C9AB82AE451B068571540710894879B3617AF6A8B94FE4C27148D45E49 Product . . . . . : Twain Thunker Publisher . . . . : Twain Working Group Description . . . : Twain.dll Client's 32-Bit Thunking Server Version . . . . . : 1,7,1,0 > Ikarus . . . . . . : Virus.Win32.Virut!IK Fuzzy . . . . . . : 110.0 C:\WINDOWS\unhide.exe -> Deleted Size . . . . . . . : 862 720 bytes Age . . . . . . . : 143.6 days (2013-02-11 22:20:15) Entropy . . . . . : 7.9 SHA-256 . . . . . : 33600AB909E0C591F1AB3630095D5766D6948DF9FE30632BEEF8F40991444B66 Product . . . . . : EhRJZz Publisher . . . . : 42vsoeeku Description . . . : nCgDK Version . . . . . : 0.91.37042.14012 > G Data . . . . . . : Win32:Downloader-SBH [Trj] > Ikarus . . . . . . : Trojan-Downloader.Win32.Agent!IK Fuzzy . . . . . . : 115.0 Suspicious files ____________________________________________________________ C:\Documents and Settings\All Users\Dane aplikacji\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe Size . . . . . . . : 337 864 bytes Age . . . . . . . : 790.8 days (2011-05-06 16:34:48) Entropy . . . . . 
: 6.1 SHA-256 . . . . . : D0C3DC14B7BF94BEB39C8B6B372044A8373C9CDC5D90B2AA89514CC48DF0CBA6 Product . . . . . : Bootstrapper Small Publisher . . . . : Adobe Systems Incorporated Description . . . : Adobe Bootstrapper for Single Installation Version . . . . . : 4.0.0.1 Copyright . . . . : Copyright © 2008 Adobe Systems Incorporated. All rights reserved. RSA Key Size . . . : 1024 Authenticode . . . : Invalid Fuzzy . . . . . . : 28.0 Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software. The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Programy i gry\Teamspeak2_RC2\unins000.exe Size . . . . . . . : 54 272 bytes Age . . . . . . . : 3735.4 days (2003-04-14 03:00:00) Entropy . . . . . : 6.4 SHA-256 . . . . . : 52E74DEB2BE2532F2F83C435CCDF34DEDDC752B87411458D377E7144DA3E492B Fuzzy . . . . . . : 24.0 File belongs to an identified security risk. Program contains PE structure anomalies. This is not typical for most programs. The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. C:\Programy i gry\Trust\GXT14 Mouse\POINTERGHOST.exe Size . . . . . . . : 4 833 792 bytes Age . . . . . . . : 581.8 days (2011-12-01 17:21:44) Entropy . . . . . : 6.9 SHA-256 . . . . . : C985445CA89606DC7DAD89CF3DA0982CEDCC88E652C181349E03912603691478 Product Publisher Description Version . . . . . 
: 1.2.0.0 Copyright Gossip . . . . . . : Trust GXT14 Mouse Configuration Parent Name . . . : C:\WINDOWS\Explorer.EXE Running processes : 2176 Fuzzy . . . . . . : 28.0 File belongs to an identified security risk. Program is running but currently exposes no human-computer interface (GUI). The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection. Uses the Windows Registry to run each time the user logs on. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Program starts automatically without user intervention. Program contains PE structure anomalies. This is not typical for most programs. The file is in use by one or more active processes. Startup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\trustGTX14 References C:\Documents and Settings\Krzysiek\Menu Start\Programy\Trust\Trust GXT14 Mouse\Trust GXT14 Mouse Configuration.lnk HKU\S-1-5-21-682003330-1897051121-1417001333-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Trust\GXT14 Mouse\POINTERGHOST.exe HKU\S-1-5-21-682003330-1897051121-1417001333-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Trust\GXT14 Mouse\POINTERGHOST.exe HKU\S-1-5-21-682003330-1897051121-1417001333-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Trust\GXT14 Mouse\POINTERGHOST.exe C:\Programy i gry\Windows Media Player\wmplayer.exe Size . . . . . . . : 64 000 bytes Age . . . . . . . : 794.8 days (2011-05-02 17:04:25) Entropy . . . . . : 6.1 SHA-256 . . . . . : E3937967820E69A385F6E35B690FC01BA708C2CE422D1B0B3469ACE8166B576B Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Windows Media Player Version . . . . . : 11.0.5721.5145 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. 
Fuzzy . . . . . . : 25.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. File belongs to an identified security risk. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files. References C:\Documents and Settings\Default User\Menu Start\Programy\Windows Media Player.lnk C:\Documents and Settings\Krzysiek\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk C:\Documents and Settings\Krzysiek\Menu Start\Programy\Windows Media Player.lnk C:\Documents and Settings\Mama\Menu Start\Programy\Windows Media Player.lnk C:\Documents and Settings\Tata\Menu Start\Programy\Windows Media Player.lnk C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Windows Media Player.lnk HKU\S-1-5-21-682003330-1897051121-1417001333-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Windows Media Player\wmplayer.exe HKU\S-1-5-21-682003330-1897051121-1417001333-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Programy i gry\Windows Media Player\wmplayer.exe C:\WINDOWS\Explorer.EXE Size . . . . . . . : 1 035 264 bytes Age . . . . . . . : 794.7 days (2011-05-02 18:48:15) Entropy . . . . . : 6.7 SHA-256 . . . . . : 5978008E9F8149D77CB58C71F94DF5855428764E305A3B7DE67B01730D3DA59C Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Eksplorator Windows Version . . . . . : 6.00.2900.5512 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. Desktop . . . . . : Default Running processes : 500 Fuzzy . . . . . . : 28.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. 
Substitutes Explorer.exe as the default shell. Malware tends to start this way. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program starts automatically without user intervention. Program contains PE structure anomalies. This is not typical for most programs. The file is in use by one or more active processes. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files. Program has a human-computer interface (GUI). This is typical for most programs. Startup HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell References C:\Documents and Settings\All Users\Menu Start\Programy\Akcesoria\Komunikacja\Połączenia sieciowe.lnk C:\Documents and Settings\All Users\Menu Start\Programy\Akcesoria\Narzędzia systemowe\Zaplanowane zadania.lnk C:\Documents and Settings\Default User\Menu Start\Programy\Akcesoria\Eksplorator Windows.lnk C:\Documents and Settings\Krzysiek\Menu Start\Programy\Akcesoria\Eksplorator Windows.lnk C:\Documents and Settings\Mama\Menu Start\Programy\Akcesoria\Eksplorator Windows.lnk C:\Documents and Settings\Tata\Menu Start\Programy\Akcesoria\Eksplorator Windows.lnk C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Akcesoria\Eksplorator Windows.lnk HKU\S-1-5-21-682003330-1897051121-1417001333-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\Explorer.EXE HKU\S-1-5-21-682003330-1897051121-1417001333-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\Explorer.EXE HKU\S-1-5-21-682003330-1897051121-1417001333-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\Explorer.EXE 
HKU\S-1-5-21-682003330-1897051121-1417001333-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\Explorer.EXE HKU\S-1-5-21-682003330-1897051121-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\Explorer.EXE C:\WINDOWS\inf\unregmp2.exe Size . . . . . . . : 318 976 bytes Age . . . . . . . : 1883.7 days (2008-05-08 20:01:07) Entropy . . . . . : 5.4 SHA-256 . . . . . : EC90BF20D1E2715AA9007448868235E79994F65915B91C77FA95C9AEE2F79D55 Product . . . . . : System operacyjny Microsoft® Windows® Publisher . . . . : Microsoft Corporation Description . . . : Narzędzie Instalatora programu Microsoft Windows Media Player Version . . . . . : 11.0.5721.5235 Copyright . . . . : © Microsoft Corporation. Wszelkie prawa zastrzeżone. Fuzzy . . . . . . : 28.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Program is impersonating a common Windows system file. This is typical for malware. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program starts automatically without user intervention. Program contains PE structure anomalies. This is not typical for most programs. The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files. Startup HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\ References HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\INF\unregmp2.exe HKU\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\INF\unregmp2.exe HKU\S-1-5-19\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\INF\unregmp2.exe HKU\S-1-5-20\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\INF\unregmp2.exe C:\WINDOWS\system32\GameMon.des Size . . . . . . . : 4 770 728 bytes Age . . . . . . . : 663.7 days (2011-09-10 18:08:26) Entropy . . . . . : 7.9 SHA-256 . . . . . 
: BF2DA493A23078B85C44005D0CA5FDDD604AF3B49C952C1DCC615B816BC1CE98 Product . . . . . : nProtect Game Monitor Publisher . . . . : INCA Internet Co., Ltd. Description . . . : nProtect Game Monitor Rev 1783 Version . . . . . : 2011.9.5.1 Copyright . . . . : Copyright ⓒ 2000-2007 INCA Internet Service . . . . . : npggsvc Fuzzy . . . . . . : 31.0 The file name extension of this program is not common. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Starts automatically as a service during system bootup. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. Startup HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\ C:\WINDOWS\system32\ieudinit.exe Size . . . . . . . : 36 864 bytes Age . . . . . . . : 1580.3 days (2009-03-08 04:32:52) Entropy . . . . . : 5.5 SHA-256 . . . . . : 638C03B701B887B961601ED5631E125DEE193794B810710641A8CA04554E099A Product . . . . . : Windows® Internet Explorer Publisher . . . . : Microsoft Corporation Description . . . : IE Per User Active Setup Uninstall Utility Version . . . . . : 8.00.6001.18702 Copyright . . . . : © Microsoft Corporation. All rights reserved. Fuzzy . . . . . . : 23.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program starts automatically without user intervention. Program contains PE structure anomalies. This is not typical for most programs. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. The file is protected by Windows File Protection (WFP). 
This is typical for critical Windows system files. Startup HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\ F:\SpeedyDrive\mounter.exe Size . . . . . . . : 25 088 bytes Age . . . . . . . : 184.9 days (2013-01-01 13:43:41) Entropy . . . . . : 6.1 SHA-256 . . . . . : 5FF519F7E369D710D2877C8144EA01B0616C6360C5785806DC42CF940D10A3F4 Service . . . . . : DokanMounter Parent Name . . . : C:\WINDOWS\system32\services.exe Running processes : 552 Fuzzy . . . . . . : 32.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Starts automatically as a service during system bootup. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. Program contains PE structure anomalies. This is not typical for most programs. The file is in use by one or more active processes. 
Startup HKLM\SYSTEM\CurrentControlSet\Services\DokanMounter\ Potential Unwanted Programs _________________________________________________ C:\Documents and Settings\Administrator\Dane aplikacji\BabylonToolbar\ (Babylon) C:\Documents and Settings\Kamila\Dane aplikacji\BabylonToolbar\ (Babylon) Cookies _____________________________________________________________________ [/code]