To jest log z Combofix
» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Oto log z combofix"
ComboFix 08-12-01.03 - Admin 2008-12-03 10:08:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.620 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\Dane aplikacji\FunWebProducts
c:\documents and settings\Admin\Dane aplikacji\FunWebProducts\Data\Admin\wffavs.dat
c:\documents and settings\Admin\Dane aplikacji\inst.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\0342141B.urr
c:\program files\FunWebProducts\Shared\01C76D1C.dat
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\mdm.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-03 do 2008-12-03 )))))))))))))))))))))))))))))))
.
2008-12-02 11:05 . 2008-12-02 15:49 <DIR> d-------- c:\documents and settings\All Users\CyberLink
2008-12-01 17:06 . 2008-12-01 17:06 <DIR> d-------- c:\program files\Trend Micro
2008-11-29 23:15 . 2008-11-30 00:42 <DIR> d-------- c:\program files\Ulead Systems
2008-11-28 08:22 . 2008-11-28 08:22 <DIR> d-------- c:\program files\Burn4Free Toolbar
2008-11-28 08:22 . 2008-11-28 08:22 <DIR> d-------- c:\program files\Burn4Free
2008-11-27 14:43 . 2008-11-27 14:43 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-25 20:27 . 2008-11-26 15:40 48 --a------ c:\windows\CDCOPS.INI
2008-11-25 13:27 . 2008-11-26 16:19 230 --a------ c:\windows\Elf_v_3.iix
2008-11-25 13:24 . 2008-11-25 18:54 273 --a------ c:\windows\Frog_Man.iix
2008-11-25 13:09 . 2001-07-01 17:30 112,640 --a------ c:\windows\lsb_un20.exe
2008-11-25 13:08 . 2008-11-25 13:10 <DIR> d-------- c:\program files\SPIDI
2008-11-25 11:57 . 2008-11-25 11:58 <DIR> d-------- c:\program files\Chicken Invaders 2 Christmas Edition demo
2008-11-25 11:53 . 2008-11-25 11:55 <DIR> d-------- c:\program files\Realore
2008-11-25 11:46 . 2008-11-27 17:05 <DIR> d-------- c:\program files\German Classics GP
2008-11-25 11:36 . 2008-11-25 11:36 <DIR> d-------- c:\program files\Mirage Interactive
2008-11-19 07:09 . 2008-11-19 07:09 8 --a------ c:\windows\system32\nvModes.dat
2008-11-19 07:07 . 2008-11-19 07:07 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-11-17 00:50 . 2008-11-17 00:50 46 --a------ c:\windows\LoveIs.ini
2008-11-13 00:29 . 2008-11-13 00:29 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-06 20:38 . 2008-11-06 20:47 <DIR> d-------- c:\program files\Media Convert Master
2008-11-06 20:38 . 2008-11-06 20:38 81,920 --a------ c:\documents and settings\Admin\Dane aplikacji\ezpinst.exe
2008-11-04 10:31 . 2008-11-04 10:31 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\NVIDIA
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 08:48 --------- d-----w c:\program files\Tlen.pl
2008-12-03 08:29 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Skype
2008-12-03 08:29 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\OpenOffice.ux.pl2
2008-12-03 08:23 --------- d-----w c:\program files\GetRight
2008-12-03 08:18 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\skypePM
2008-12-02 10:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 10:05 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\CyberLink
2008-12-02 09:59 --------- d-----w c:\program files\CyberLink
2008-12-01 15:34 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ulead Systems
2008-11-29 23:42 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Ulead Systems
2008-11-29 10:37 --------- d-----w c:\program files\dvdSanta
2008-11-28 17:08 --------- d-----w c:\program files\Common Files\Adobe
2008-11-28 08:08 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-11-27 16:37 --------- d-----w c:\program files\Metin2_PL
2008-11-27 14:59 --------- d-----w c:\program files\Codec Pack - All In 1
2008-11-27 14:53 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\uTorrent
2008-11-19 09:19 --------- d-----w c:\program files\FrameShow
2008-11-11 14:03 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Tlen.pl
2008-11-06 19:39 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Vso
2008-11-06 19:38 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-06 19:38 47,360 ----a-w c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys
2008-11-02 11:32 --------- d-----w c:\program files\AxBx
2008-11-02 11:28 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-11-02 11:28 --------- d-----w c:\program files\Spyware Doctor
2008-11-02 11:26 --------- d-----w c:\program files\Turtix
2008-11-02 11:25 --------- d-----w c:\program files\ReflexiveArcade
2008-10-25 11:36 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\.wyzo
2008-10-24 21:35 1,078,601 ----a-w c:\windows\screen saver mp3 01.scr
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-18 12:55 --------- d-----w c:\program files\vghd
2008-10-17 16:39 152,904 ----a-w c:\windows\system32\vghd.scr
2008-10-17 16:39 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\vghd
2008-10-17 14:50 --------- d-----w c:\program files\Common Files\Totem Shared
2008-10-17 14:00 --------- d-----w c:\program files\AviSynth 2.5
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-06 15:58 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ahead
2008-10-05 14:58 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Thinstall
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-20 09:24 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2007-12-14 22:13 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e4000b62-fa5d-4b39-b254-0a4c485aaf11}"= "c:\program files\download-boosters\tbdow0.dll" [2008-07-08 1569304]
[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2008-07-08 11:51 1569304 --a------ c:\program files\download-boosters\tbdow0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e4000b62-fa5d-4b39-b254-0a4c485aaf11}"= "c:\program files\download-boosters\tbdow0.dll" [2008-07-08 1569304]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "c:\program files\download-boosters\tbdow0.dll" [2008-07-08 1569304]
[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2008-01-15 6290944]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-12 21686568]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BearShare"="c:\program files\BearShare\BearShare.exe" [2006-07-26 3305472]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-08 185896]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"UpdatePPShortCut"="d:\powerproducer\MUITransfer\MUIStartMenu.exe" [2008-02-21 222504]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Admin\Menu Start\Programy\Autostart\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2008-10-17 357712]
OpenOffice.ux.pl 2.2.1.lnk - c:\program files\OpenOffice.ux.pl 2.2.1\program\quickstart.exe [2007-07-10 17408]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
GetRight - Tray Icon.lnk - c:\program files\GetRight\getright.exe [2007-12-14 2301952]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AFPAnsi;G-DATA Ukrywacz Ansi;c:\windows\system32\Drivers\AFPAnsi.sys [2007-12-16 43904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-02 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-02 20560]
S0 FO_PAnt;FotoOffice VirtualDisc Driver;c:\windows\system32\Drivers\FO_PAnt.sys []
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys []
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2008-01-23 428160]
*Newly Created Service* - PROCEXP90
.
Zawartość folderu 'Zaplanowane zadania'
2008-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
Notify-WgaLogon - (no file)
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\0tr4qp8n.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF -: plugin - c:\documents and settings\Admin\Dane aplikacji\Mozilla\plugins\npPxPlay.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npkimi.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 10:09:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-12-03 10:10:50
ComboFix-quarantined-files.txt 2008-12-03 09:10:30
Przed: 13 633 282 048 bajtów wolnych
Po: 14,457,364,480 bajtów wolnych
197 --- E O F --- 2008-12-02 21:34:02
Zeskanowałam tez Dr.Web CureIt tak jak radziłeś i wyszło coś takiego:
» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "raport ze skanowania Dr.Web CureIT"
bearshare525.exe\data016;C:\Documents and Settings\Admin\Moje dokumenty\instalowane programy\bearshare525.exe;Adware.SearchAid.40;;
bearshare525.exe;C:\Documents and Settings\Admin\Moje dokumenty\instalowane programy;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
ComboFix.exe\32788R22FWJFW\C.bat;C:\Documents and Settings\Admin\Pulpit\ComboFix.exe;Prawdopodobnie BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Admin\Pulpit\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Admin\Pulpit;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
C2152591d01\32788R22FWJFW\C.bat;C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\0tr4qp8n.default\Cache\C2152591d01;Prawdopodobnie BATCH.Virus;;
C2152591d01\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\0tr4qp8n.default\Cache\C2152591d01;Program.PsExec.171;;
C2152591d01;C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\0tr4qp8n.default\Cache;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
RunMSC.dll;C:\Program Files\BearShare;Adware.SearchAid.40;;
A0228086.scr;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MyWebSearch.7;;
A0228088.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MyWebSearch.5;;
A0228089.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MyWebSearch.13;;
A0228090.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MWS.72;;
A0228091.EXE;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.Websearch.7;;
A0228092.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MWS.74;;
A0228094.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MyWebSearch.3;;
A0228095.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MyWebSearch.4;;
A0228096.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MWS.78;;
A0228097.SCR;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MyWebSearch.7;;
A0228099.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MyWebSearch.8;;
A0228100.EXE;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MyWebSearch.9;;
A0228101.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MyWebSearch.10;;
A0228104.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MyWebSearch.11;;
A0228105.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MWS;;
A0228108.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MyWebSearch.12;;
A0228110.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MWS.76;;
A0228111.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.MyWebSearch.14;;
A0228113.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.Websearch.origin;;
A0228114.EXE;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP389;Adware.Websearch.8;;
A0228245.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP390;Adware.MyWebSearch.5;;
A0228247.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP390;Adware.MWS.72;;
A0228248.EXE;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP390;Adware.Websearch.7;;
A0228249.DLL;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP390;Adware.MWS.74;;
A0229155.dll;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP393;Adware.MWS.72;;
A0229253.bat;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP394;Prawdopodobnie BATCH.Virus;;
A0229283.bat;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP394;Prawdopodobnie BATCH.Virus;;
A0229322.bat;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP395;Prawdopodobnie BATCH.Virus;;
A0229355.bat;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP395;Prawdopodobnie BATCH.Virus;;
A0229375.bat;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP395;Prawdopodobnie BATCH.Virus;;
A0229406.exe\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP395\A0229406.exe;Prawdopodobnie BATCH.Virus;;
A0229406.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP395\A0229406.exe;Program.PsExec.171;;
A0229406.exe;C:\System Volume Information\_restore{24A02BF6-B2EA-46D9-84B6-50CF91ECB2F2}\RP395;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
