Logs - Virus in E:\RECYCLER\S-1-5-21-1454471165-1177238915-725345543-1003


Topic closed. 4 replies in this topic.

#1 rafal194

    Advanced user

  • 413 posts

Posted 06 02 2009 - 14:44

Sometimes avast detects a virus at the location E:\RECYCLER\S-1-5-21-1454471165-1177238915-725345543-1003

even though the recycle bin is empty. I also noticed today that a few things have appeared in the folder E:\RECYCLER\NPROTECT, including a game that disappeared after defragmentation.

ComboFix 09-02-05.01 - rafal 2009-02-06  9:10:46.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.1022.575 [GMT 1:00]
Uruchomiony z: c:\documents and settings\rafal\Pulpit\ComboFix.exe
 * Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\rafal\Dane aplikacji\FunWebProducts
c:\documents and settings\rafal\Dane aplikacji\inst.exe
c:\program files\FunWebProducts
c:\windows\system32\NCTAVIFile.dll
c:\windows\system32\NCTQuickTimeFile.dll
c:\windows\system32\NCTRMFile.dll
c:\windows\system32\NCTVideoCoreM.dll
c:\windows\system32\Plugins
c:\windows\system32\Plugins\Hoster\aCallbackMethods.dll
c:\windows\system32\Plugins\Hoster\archivto.dll
c:\windows\system32\Plugins\Hoster\bluehostto.dll
c:\windows\system32\Plugins\Hoster\dataupde.dll
c:\windows\system32\Plugins\Hoster\fastloadnet.dll
c:\windows\system32\Plugins\Hoster\fastshareorg.dll
c:\windows\system32\Plugins\Hoster\fileuploadnet.dll
c:\windows\system32\Plugins\Hoster\megauploadcom.dll
c:\windows\system32\Plugins\Hoster\meinuploadcom.dll
c:\windows\system32\Plugins\Hoster\moosharede.dll
c:\windows\system32\Plugins\Hoster\myvideode.dll
c:\windows\system32\Plugins\Hoster\netloadin.dll
c:\windows\system32\Plugins\Hoster\PluginSettings.ini
c:\windows\system32\Plugins\Hoster\qsharecom.dll
c:\windows\system32\Plugins\Hoster\RScom.dll
c:\windows\system32\Plugins\Hoster\shareonlinebiz.dll
c:\windows\system32\Plugins\Hoster\shareplacecom.dll
c:\windows\system32\Plugins\Hoster\silofilescom.dll
c:\windows\system32\Plugins\Hoster\speedysharecom.dll
c:\windows\system32\Plugins\Hoster\uploadedto.dll
c:\windows\system32\Plugins\Hoster\yourfilesbiz.dll
c:\windows\system32\Plugins\Hoster\youtubecom.dll
c:\windows\system32\Plugins\YCPlugins\RS.dll
c:\windows\system32\Plugins\YouCrypt\callbackmethods.dll
c:\windows\system32\Plugins\YouCrypt\captcha.dll
c:\windows\system32\Plugins\YouCrypt\cineto.dll
c:\windows\system32\Plugins\YouCrypt\datenbankorg.dll
c:\windows\system32\Plugins\YouCrypt\datenschleuder.dll
c:\windows\system32\Plugins\YouCrypt\ddlscene.dll
c:\windows\system32\Plugins\YouCrypt\ddlwarez.dll
c:\windows\system32\Plugins\YouCrypt\dreidl.dll
c:\windows\system32\Plugins\YouCrypt\dxpdivxvidorg.dll
c:\windows\system32\Plugins\YouCrypt\gameblog.dll
c:\windows\system32\Plugins\YouCrypt\gamezam.dll
c:\windows\system32\Plugins\YouCrypt\gapping.dll
c:\windows\system32\Plugins\YouCrypt\gwarez.dll
c:\windows\system32\Plugins\YouCrypt\linksafe.dll
c:\windows\system32\Plugins\YouCrypt\LinkSave.dll
c:\windows\system32\Plugins\YouCrypt\lix.dll
c:\windows\system32\Plugins\YouCrypt\netfolderin.dll
c:\windows\system32\Plugins\YouCrypt\onekh.dll
c:\windows\system32\Plugins\YouCrypt\rapidlayer.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafede.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafenet.dll
c:\windows\system32\Plugins\YouCrypt\relinkus.dll
c:\windows\system32\Plugins\YouCrypt\RScomLinkList.dll
c:\windows\system32\Plugins\YouCrypt\rslayer.dll
c:\windows\system32\Plugins\YouCrypt\saveraidrush.dll
c:\windows\system32\Plugins\YouCrypt\secured.dll
c:\windows\system32\Plugins\YouCrypt\securnet.dll
c:\windows\system32\Plugins\YouCrypt\serienjunkies.dll
c:\windows\system32\Plugins\YouCrypt\shareonall.dll
c:\windows\system32\Plugins\YouCrypt\stealth.dll
c:\windows\system32\Plugins\YouCrypt\tinyurl.dll
c:\windows\system32\Plugins\YouCrypt\UndergroundCMS.dll
c:\windows\system32\Plugins\YouCrypt\urlcash.dll
c:\windows\system32\Plugins\YouCrypt\usercashcom.dll
c:\windows\system32\Plugins\YouCrypt\xlinkin.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-06 do 2009-02-06  )))))))))))))))))))))))))))))))
.

2009-02-05 18:41 . 2009-02-05 18:41	3,859	--a------	C:\block_online.php
2009-02-05 09:35 . 2009-02-05 11:23	<DIR>	d--------	c:\program files\Norton Security Scan
2009-02-03 11:15 . 2009-02-03 11:15	1,601	--a------	c:\windows\unins001.dat
2009-02-03 11:00 . 2009-02-03 11:00	<DIR>	d--------	c:\program files\Stardock
2009-02-03 11:00 . 2009-02-03 11:00	<DIR>	d--------	c:\program files\Common Files\Stardock
2009-02-03 11:00 . 2004-04-26 13:47	163,456	--a------	c:\windows\system32\drivers\vidstub.sys
2009-02-03 10:13 . 2009-02-03 11:05	<DIR>	d--------	c:\program files\ChomikBox
2009-02-02 21:17 . 2009-02-02 21:22	<DIR>	d--------	c:\program files\SmartFTP Client
2009-02-02 21:05 . 2009-02-02 21:05	<DIR>	d--------	c:\program files\FileZilla FTP Client
2009-02-01 21:52 . 2009-02-01 21:52	<DIR>	d--------	c:\windows\system32\Pajacyk dir
2009-02-01 21:52 . 2009-02-01 21:52	203,264	--a------	c:\windows\system32\Pajacyk.scr
2009-02-01 21:45 . 2009-02-01 22:28	<DIR>	d--------	c:\program files\MySecretFolder XP
2009-01-31 14:12 . 2009-01-31 14:16	<DIR>	d--------	c:\windows\NV48004816.TMP
2009-01-31 01:46 . 2009-01-31 01:46	2,214,745	--a------	c:\windows\Green Rivers no_clock.scr
2009-01-30 17:28 . 2009-01-30 17:28	21,512	--a------	c:\windows\system32\drivers\pxscan.sys
2009-01-30 17:28 . 2009-01-30 17:28	64	--a------	c:\windows\wininit.ini
2009-01-30 09:41 . 2009-01-30 09:41	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji\Xentient
2009-01-30 09:40 . 2009-01-30 09:47	<DIR>	d--------	c:\documents and settings\Administrator\Ustawienia lokalne
2009-01-30 09:40 . 2009-01-30 09:47	<DIR>	d--------	c:\documents and settings\Administrator\Szablony
2009-01-30 09:40 . 2009-01-30 09:47	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji
2009-01-30 09:40 . 2009-01-30 09:47	<DIR>	d---s----	c:\documents and settings\Administrator
2009-01-30 00:39 . 2009-02-01 04:17	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\Download Manager
2009-01-28 10:32 . 2009-01-28 10:32	<DIR>	d--------	c:\program files\Common Files\Xara
2009-01-26 11:36 . 2009-01-26 11:36	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\CyberLink
2009-01-26 11:35 . 2009-01-26 11:35	<DIR>	d--------	c:\program files\Common Files\CyberLink
2009-01-26 11:35 . 2009-01-26 11:38	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\CyberLink
2009-01-26 11:34 . 2009-01-26 11:31	29,480	--a------	c:\windows\system32\msxml3a.dll
2009-01-26 11:11 . 2009-01-26 11:11	<DIR>	d--------	c:\program files\Extra Video Converter
2009-01-26 10:53 . 2009-01-26 10:53	<DIR>	d--------	c:\program files\XviD
2009-01-26 10:53 . 2009-01-26 10:53	<DIR>	d--------	c:\program files\Apex
2009-01-26 10:37 . 2009-01-26 10:37	<DIR>	d--------	c:\windows\WinAVI Video Converter 9.0
2009-01-26 10:37 . 2009-01-26 10:50	<DIR>	d--------	c:\program files\WinAVI Video Converter 9.0
2009-01-25 13:01 . 2009-01-25 13:31	<DIR>	d--------	c:\program files\WinMerge
2009-01-24 21:11 . 2009-01-25 08:30	<DIR>	d--------	c:\program files\Odkurzacz
2009-01-22 17:55 . 2009-02-05 10:44	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\GameHouse
2009-01-22 17:55 . 2009-01-22 17:55	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\n7-89-o9-3r-4t-r9
2009-01-22 15:55 . 2009-01-29 23:39	8	--a------	c:\windows\system32\nvModes.dat
2009-01-20 20:28 . 2009-01-20 20:28	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\NeroDCTemplates
2009-01-20 15:49 . 2009-01-31 17:23	183,112	--a------	c:\windows\system32\PnkBstrB.exe
2009-01-20 15:49 . 2009-01-31 17:23	138,184	--a------	c:\windows\system32\drivers\PnkBstrK.sys
2009-01-20 15:49 . 2009-01-20 16:11	66,872	--a------	c:\windows\system32\PnkBstrA.exe
2009-01-20 11:42 . 2009-01-20 11:42	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\Leadertech
2009-01-19 21:08 . 2009-01-19 21:08	18	--a------	c:\windows\avi2divx.INI
2009-01-19 20:48 . 2009-01-21 10:26	<DIR>	d--------	C:\ConverterOutput
2009-01-19 20:47 . 2009-01-19 20:47	<DIR>	d--------	c:\windows\system32\codec
2009-01-19 20:47 . 2009-01-19 20:47	<DIR>	d--------	c:\program files\avi2divx
2009-01-19 13:31 . 2009-01-21 10:26	<DIR>	d--------	C:\RmConverterOutput
2009-01-18 11:07 . 2009-01-18 11:07	<DIR>	d--------	c:\program files\Common Files\DirectX
2009-01-18 09:52 . 2009-01-18 10:07	<DIR>	d--------	c:\program files\Webshots
2009-01-18 09:52 . 2009-01-18 09:52	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\Webshots
2009-01-17 20:17 . 2009-01-17 20:17	<DIR>	d--------	c:\program files\RMClock
2009-01-17 20:16 . 2009-01-17 20:16	<DIR>	d--------	c:\program files\XN Resource Editor
2009-01-17 16:56 . 2009-01-17 17:02	<DIR>	d--------	C:\Resource Hacker
2009-01-15 23:57 . 2009-01-15 23:57	45	--a------	c:\windows\system32\initdebug.nfo
2009-01-15 08:19 . 2009-01-15 08:19	1,253,376	--a------	c:\windows\system32\NvPVEnc.ax
2009-01-12 20:18 . 2009-01-12 20:18	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\vsosdk
2009-01-12 19:38 . 2009-01-12 19:38	34,308	--a------	c:\windows\system32\Chip.dll
2009-01-12 19:38 . 2009-01-12 19:38	18,152	--a------	c:\windows\system32\Pvt.tmp
2009-01-12 19:37 . 2009-01-12 19:37	<DIR>	d--------	c:\program files\VSO
2009-01-12 19:37 . 2004-05-04 11:53	1,645,320	--a------	c:\windows\gdiplus.dll
2009-01-12 19:37 . 2006-05-20 16:16	1,184,984	--a------	c:\windows\system32\wvc1dmod.dll
2009-01-12 19:37 . 2006-05-11 19:21	626,688	--a------	c:\windows\system32\vp7vfw.dll
2009-01-12 19:37 . 2006-09-29 12:24	217,127	--a------	c:\windows\system32\drv43260.dll
2009-01-12 19:37 . 2006-09-29 12:25	208,935	--a------	c:\windows\system32\drv33260.dll
2009-01-12 19:37 . 2006-09-29 12:26	176,165	--a------	c:\windows\system32\drv23260.dll
2009-01-12 19:37 . 2007-03-18 20:37	65,602	--a------	c:\windows\system32\cook3260.dll
2009-01-12 14:55 . 2009-01-12 14:55	26	--a------	C:\webalizer.hist
2009-01-10 21:21 . 2009-01-30 05:12	<DIR>	d--hs----	C:\Boot
2009-01-10 15:14 . 2009-01-10 15:14	<DIR>	d--------	c:\program files\Lavalys
2009-01-10 10:59 . 2009-01-10 10:59	61	--a------	c:\windows\MouseDrv.INI
2009-01-10 10:58 . 2009-01-10 10:58	<DIR>	d--------	c:\program files\Multimedia Mouse Driver
2009-01-09 20:32 . 2009-01-09 20:32	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\LEGO Company
2009-01-09 08:57 . 2009-01-09 09:19	4,107	--a------	c:\windows\system32\oodbs.lor
2009-01-09 08:46 . 2009-01-09 08:46	0	--a------	c:\windows\oodcnt.INI
2009-01-09 08:44 . 2009-01-09 10:02	<DIR>	d--------	c:\windows\system32\oodag
2009-01-07 23:05 . 2009-01-07 23:05	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\Consultia
2009-01-07 22:46 . 2009-01-07 23:05	<DIR>	d--------	c:\program files\CubeDesktop
2009-01-06 20:03 . 2009-01-11 19:38	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\SugarGames
2009-01-06 08:14 . 2009-01-06 08:14	1,409	--a------	c:\windows\system32\tmpCBF6F.FOT
2009-01-06 08:14 . 2009-01-06 08:14	1,409	--a------	c:\windows\system32\tmpB007F.FOT

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 08:17	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Skype
2009-02-06 08:16	---------	d---a-w	c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-06 08:03	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\skypePM
2009-02-05 17:41	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\FileZilla
2009-02-05 08:35	---------	d-----w	c:\program files\Common Files\Symantec Shared
2009-02-02 22:05	8,059	----a-w	c:\windows\gdrv.sys
2009-02-02 22:05	---------	d-----w	c:\program files\Dino And Aliens
2009-02-01 14:35	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\gtk-2.0
2009-01-31 18:02	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\uTorrent
2009-01-31 13:14	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2009-01-31 13:14	---------	d-----w	c:\program files\AGEIA Technologies
2009-01-30 21:52	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\PrevxCSI
2009-01-29 01:00	---------	d-----w	c:\program files\uTorrent
2009-01-27 23:03	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-01-26 10:26	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Vso
2009-01-26 10:22	47,360	----a-w	c:\documents and settings\rafal\Dane aplikacji\pcouffin.sys
2009-01-23 18:04	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-01-17 20:07	---------	d-----w	c:\program files\Windows Media Connect 2
2009-01-17 20:03	---------	d-----w	c:\program files\CamStudio
2009-01-15 07:19	6,301,248	----a-w	c:\windows\system32\drivers\nv4_mini.sys
2009-01-12 18:37	47,360	----a-w	c:\windows\system32\drivers\pcouffin.sys
2009-01-10 08:25	---------	d-----w	c:\program files\SAGEM WiFi manager
2009-01-09 07:11	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Winamp
2009-01-05 18:05	---------	d-----w	c:\program files\adni18
2009-01-05 17:25	---------	d-----w	c:\program files\Sharks of Nemo
2009-01-05 16:21	---------	d-----w	c:\program files\PopCap Games
2009-01-05 13:37	---------	d-----w	c:\program files\Rockstar Games
2009-01-05 13:37	---------	d-----w	c:\program files\ReflexiveArcade
2009-01-05 13:35	---------	d-----w	c:\program files\Play
2009-01-05 13:34	---------	d-----w	c:\program files\GameTop.com
2009-01-05 13:26	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\EleFun Games
2009-01-04 18:57	---------	d-----r	c:\program files\Skype
2009-01-04 17:52	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\XemiComputers
2009-01-04 17:52	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\XemiComputers
2009-01-04 16:58	---------	d-----w	c:\program files\Macromedia
2009-01-04 16:56	---------	d-----w	c:\program files\Common Files\Macromedia
2009-01-01 22:14	---------	d-----w	c:\program files\Nero
2009-01-01 22:14	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Nero
2009-01-01 22:13	---------	d-----w	c:\program files\Common Files\Nero
2009-01-01 22:13	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Nero
2008-12-31 10:52	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Symantec
2008-12-31 10:44	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Symantec
2008-12-31 10:42	---------	d-----w	c:\program files\Norton Ghost
2008-12-30 19:22	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Ahead
2008-12-30 18:34	---------	d-----w	c:\program files\GIMP-2.0
2008-12-30 16:47	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Barbie Fashion Show
2008-12-29 12:02	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Magic Seeds
2008-12-29 11:59	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\PlayFirst
2008-12-29 11:59	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\PlayFirst
2008-12-29 11:53	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Go Go Gourmet
2008-12-29 11:47	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Gamelab
2008-12-29 11:44	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Trymedia
2008-12-29 10:08	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Valusoft
2008-12-29 10:08	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Valusoft
2008-12-29 10:07	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Jane s Hotel  Family Hero
2008-12-29 10:02	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Youdagames
2008-12-29 08:49	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\FreshGames
2008-12-29 08:39	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Go-Go Gourmet Chef of the Year
2008-12-29 08:30	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Alawar
2008-12-29 08:24	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\75-55-88-55-55-55
2008-12-29 08:06	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Acronis
2008-12-29 07:58	---------	d-----w	c:\documents and settings\LocalService\Dane aplikacji\Acronis
2008-12-29 07:54	441,760	----a-w	c:\windows\system32\drivers\timntr.sys
2008-12-29 07:54	44,384	----a-w	c:\windows\system32\drivers\tifsfilt.sys
2008-12-29 07:54	368,480	----a-w	c:\windows\system32\drivers\tdrpman.sys
2008-12-29 07:54	129,248	----a-w	c:\windows\system32\drivers\snapman.sys
2008-12-29 07:54	---------	d-----w	c:\program files\Common Files\Acronis
2008-12-29 07:54	---------	d-----w	c:\program files\Acronis
2008-12-29 07:54	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Acronis
2008-12-29 07:47	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\ViquaSoft
2008-12-29 07:45	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\VirtualFarm
2008-12-29 07:35	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Gogii
2008-12-28 17:41	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Legacy Interactive
2008-12-28 17:39	---------	d-----w	c:\program files\Legacy Interactive
2008-12-26 16:46	---------	d-----w	c:\program files\LSoft Technologies
2008-12-24 10:23	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\SPORE
2008-12-24 09:21	---------	d-----w	c:\program files\Electronic Arts
2008-12-22 22:58	---------	d-----w	c:\program files\GameHouse
2008-12-21 21:36	---------	d-----w	c:\program files\Zylom Games
2008-12-21 21:36	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Zylom
2008-12-21 14:27	---------	d-----w	c:\program files\Common Files\Raxco
2008-12-21 14:21	---------	d-----w	c:\program files\RAXCO
2008-12-21 14:21	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Raxco
2008-12-20 16:12	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\SmartFTP
2008-12-20 10:57	---------	d-----w	c:\program files\FDRLab
2008-12-18 18:15	---------	d-----w	c:\program files\Paint.NET
2008-12-15 14:09	1,728,894	----a-w	c:\windows\Snow Owl  clock.scr
2008-12-15 10:59	---------	d-----w	c:\program files\Build in Time
2008-12-15 10:06	51,712	----a-w	c:\windows\wc98pp.dll
2008-12-13 23:03	---------	d-----w	c:\program files\Binboy
2008-12-13 17:54	---------	d-----w	c:\program files\Secret Maryo Chronicles
2008-12-13 15:12	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Ahead
2008-12-13 12:52	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\smc
2008-12-12 22:18	---------	d-----w	c:\program files\Farm Mania
2008-12-12 18:56	---------	d-----w	c:\program files\McFunSoft Video Capture Convert Burn Solution
2008-12-12 18:17	81,920	----a-w	c:\documents and settings\rafal\Dane aplikacji\ezpinst.exe
2008-12-12 18:14	---------	d-----w	c:\program files\Total Video Converter
2008-12-12 11:47	---------	d-----w	c:\program files\PowerISO
2008-12-11 10:57	333,952	----a-w	c:\windows\system32\drivers\srv.sys
2008-12-06 22:14	---------	d-----w	c:\program files\Fox
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-10-10 25795368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2008-10-10 6500960]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"RemoteControl8"="e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"MSF_Monitor"="c:\progra~1\MYSECR~1\MSFMON.exe" [2007-01-25 99920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-10-21 950272]
Skrót do ashDisp.lnk - c:\program files\Alwil Software\Avast4\ashDisp.exe [2008-10-21 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XVID"= xvid.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\PopCap Games\\Bejeweled Deluxe 1.861\\WinBej.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-01-30 21512]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-21 111184]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\000.fcl [2008-02-01 17:24:04 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-21 20560]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2008-10-25 3744]
R2 CSIScanner;CSIScanner;c:\program files\PrevxCSI\prevxcsi.exe [2008-11-30 4107832]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2008-10-25 3904]
R2 MSF32;MSF32;c:\program files\MySecretFolder XP\MSF32.SYS [2009-02-01 39424]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-10-21 450560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - k:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - k:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcad9646-a2c9-11dd-8c16-806d6172696f}]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'

2009-02-05 c:\windows\Tasks\Norton Security Scan for rafal.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]

2009-02-06 c:\windows\Tasks\User_Feed_Synchronization-{43FE2BCB-29B5-4364-8151-E85CD8753969}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\Common Files\BinarySense\hlAPP.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\rafal\Dane aplikacji\Mozilla\Firefox\Profiles\w3yvpvto.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.http - anonymous server
FF - prefs.js: network.proxy.http_port - 81
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\rafal\Dane aplikacji\Mozilla\Firefox\Profiles\w3yvpvto.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAHJONG.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 09:17:56
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\000.fcl"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1177238915-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a7,e7,dd,b1,c4,e3,4d,b1,62,0b,c6,b2,21,c2,b7,6c,cc,b7,c8,c1,d0,99,ea,
   99,3e,73,64,34,e6,bd,4d,6b,bb,a3,c5,26,45,1c,d5,7e,dc,89,ab,a3,35,68,80,a9,\
"??"=hex:e1,d5,43,cb,aa,d9,59,5b,c1,7d,eb,6e,70,f9,1e,22

[HKEY_USERS\S-1-5-21-1454471165-1177238915-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:c3,29,99,f7,55,51,91,ed,b9,2f,1f,80,1a,ad,f6,7c,cb,ba,24,83,dd,
   bc,e5,60,7c,de,90,bb,5c,62,ad,92,06,11,1b,8d,9c,93,16,a1,ae,46,3c,55,4e,c9,\
"rkeysecu"=hex:d3,91,4b,31,71,4d,97,0c,de,42,3c,d0,c3,4c,37,ce

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE03.00.00.01MSWINDOWS"="05401A41EE7C4B04137F4BE1E8FA7D0BAB1CFB8C4914076D9F2B5BE7E3DA01DFCB2BA902B86E
2FAB9B7ECC013D1F9B531EB2F7BA36D7C68A249BDD08A6E264F674B600F643FBAC4511E87CC6052B3
60F8405F8B0BDF8EA8E4AA3170842F07FA2BC4CFDA42BED872697EDEBA1183C110E0FA6E2E98D8AD5
E56BDE590FE02B758E44AC847C30A1C754B9912EF3ED06B6554D8119D3F935B5324239FA394E4EB51
70FE87DE93908B90CE32B5D1326CEF31C37D0875379B2F54A6D75D597792BEB50076854C9CDA8ECBD
69E7154981F0D8D028271BBDA5D2493570294AAD77A58C80F765F7EA9B19360BFC4576D467FEBC9E1
27BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E12
7BECC74CA6A0AC4980AC7933A6A0AC4980AC7933BA7FD869164D6794BA7FD869164D6794DC6AA7F50
A4BD7B581D90F8813192FE83A247D628773C8AA1B100AE1D107DE9E470404155B4FBE77C69542BF07
380C401F20CA6874B7C4BDC901467D1E8F234EF145C4883D8BC9ED080650EE8660BF3B9EC055C7AF8
639139AC454B9473CBB3B38B6E6716187821F579914A18A49C0961EF0F3959669AB42686C2957B109
58F5092A1D5ACE4D6534D8809C495F31793599E2B44DD96E138624C7EEF690741D32E9304F3060EDE
278472EADBBA4D7C79C1E8B574C7DA7D7BFCFEE02A16F0021477321174145FCDFDDEDDBBFB2CC02FD
F6CE244F555CA95BEE82B975432C337133D01842C38091B679AF057DCAA1F86092E1A9C68E210FF0B
C68478E2B77190E92C3F455CE68C6B30381694785BD882C60A1DD9903CDF45D72407BC48A573EEA2B
9ED90560A63D9759EB0DAFC890020CF5EAC458A0B67DDD80DC7A48FBA6386FE5CA2EBB573C19187C8
DB97EDDDD39248F31A8483B054DA079272EF8F8919BF74CC51D1A797A805D8F16F8AEF23F878908FA
966086348FC7939846ED611B0455909C1670EC08A0055E4C1D71171EC846E3625F4E1E16F0EBA841B
46F78978F4A84F64B46C0DFA79F54883AA8C2BBDED8C79418F2025123173AC42E7A6433610F220C35
55E3D14AB202B8286C4CAB2E33FCD59961125B5B49E9D82DC134691FCF04A68E8D2B7F3FB71DDC020
9F3551E3C72FA02E296815574FE4BF1AAD30EF4AD69A85610CFDFC31B7E0C28FC58751CCB3A6EB175
39E6CB006379FB4E974510BCB785CF356C3E96BD226EBFFB811A1A32892FCDC687FD834628D6937B3
709248276C6810502B8FAF42A41316E57280AAFBA4FC03DF5903F187D6BC131CD27E77D518637C075
433909DB5627EDA75867FB4BF3B5F0593BC9B63B52D3285C42151C187700588FA21C389D12934C233
32DBF5DD89F2F6CEE71D9DCB9DDC6C34F6A433F5C2F747B7374B27E6FA88B609CDB19374B3277CDF0
872D816635AC4D982CCBDE8D5CED"
"OODEFRAG11.00.00.01WORKSTATION"="6390CA51089463B4FA6BC03CBC67A42E263A0D1C08A75D1073284A4B49E6B73A3846F15E42EA
5BD77880F74E9222F85980A832368EBD166B66899A1858C5B916CE8DD9BCD5CC5DD58AF9A39BEF2EB
152F4AB61D4A15DB122B8F8B0BF59C10A964F8F32FE2C25CA28DC6E20AD4F366EDFD7ED421FF0122C
DF0451A0A1D2671FF137F31B5A3E22372FF2793EB6C1A700294F97F1DC422CB5B7326DF43DDE0B274
455672E2C1D35EDAD21B74109E9386FBAD6DA027AEE3F311F042F2D3BABBD8309509DF4F16A17EB4B
13CD611C03DDF384BB6A77096425366D8CFA3964FA5CC525214C70FEBC9E127BECC74CFEBC9E127BE
CC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC
7933A6A0AC4980AC79335D575E7D6A3B9808A9C6AECB7A5D140722682A76A724C31BDFBE2A56B2B5F
7D5E9FAA398B834CB44C460609C5625B6056ED4179DE65F75FDE741BB1550A2ECA4D1C37DF2ECE229
9A93AD379E7E7BD59C1D57895029A063BBA8BDF12E0BACA26D9972FC49E1B28063E6E002DAB4ED4C3
C965773DC1FF30C7FC3EEBD6E9FC4E4E7BE39B4857899128034BC937627156794674C07C860396E65
7FA4D2D52BAE063EDF587BC57AE09F4C911A03CD64E0FCC941443E49E4A31001453D2C193085DD11B
E29E9DA91A7EF903BE5ACEFE29463F577DF53CC0BBA7A562433852015B342F243165FCA4EDECD8E12
1F2F9CF8C5762684D548EF14DA38624C8E6109A4FA14E8779EFC4F23CB087A1ADBEC4C6560165A04E
DE0082434DB90146D04238D70B3708BD4A9D4E809F07B79C20EAA47A2A609B885A41CC4C97844F603
7673E07C0677D0E28EFDD9855F2E7E90FC13A11F0E1A068FDF67E4F2A752119585B1165BF5E1BF819
B209580AE239616699A5F3DB9EA748FA2D9555D850625FEC44B081FEF06F28002C31F903C5D573746
86CB3718CCB21FC1174A07331D192E85E0F2ABE72E284437A8DEA0EBD4F76BCA52979C1D8390EAD37
65F445648F5A364C5FB39D09BC3C1F5BD9FEC23F65541722CD64EC1CA03B637838F3D9530EA77BB04
2755A5FD4B87BD2A90884DA26E567BF581057F4CA2D40BFD3EEC9D6C4953AFD7616164006AB1CEC64
5D9D9AB67606A46F5CA56ABAC30B2D8AF24A18C86F52330F6908E3AEF752FA13597B95B08A605E8F1
FE4B7C83C5D73C0D0653913D313FB31AED28BCCE99AAFB3CD2E36B3C87D6DA1BD2E5482927E483E40
A6D722B6A72B963543D899E79CD4B99EAD30F93712F4F79CFB00DC7F98A3D287CAB98B11D6D4F4BF3
5A989883EB3AEF180867C2E9A1ADFACDBB3AAC75BE2E2C7C4EE157D825B4315411559C3C1BA3C7E10
30E2187858FEDFC1B364968B7CD2A001BA0C53CD25E574BF69D2E3AB41B0B27CB0F2BF674C28860E5
D7B03471C6BFCB5A9BCA80F274E3"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(1348)
c:\windows\system32\relog_ap.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\RAXCO\PerfectDisk\PDAgent.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\RAXCO\PerfectDisk\PDEngine.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-06  9:19:21 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-02-06 08:19:19

Przed: 18 541 449 216 bajtów wolnych
Po: 18,492,669,952 bajtów wolnych

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
415	--- E O F ---	2009-02-05 08:37:21

and

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:39, on 2009-02-05
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\Zainstalowane\CyberLink Power DVD8\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\MYSECR~1\MSFMON.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\RMClock\RMClock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl8] "E:\Zainstalowane\CyberLink Power DVD8\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "E:\Zainstalowane\CyberLink Power DVD8\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSF_Monitor] C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Skrót do ashDisp.lnk = C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 9036 bytes



#2 wncvirus

    Lazybones!

  • 851 posts

Posted 06 02 2009 - 16:05

Paste into Notepad


FILES::
c:\windows\NV48004816.TMP

>>File>>Save as... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (i.e. the CFScript.txt icon onto the ComboFix.exe icon)
– just like in this picture -->Attached image
(if the question "1 or 2" appears, type 1 and press ENTER.) Removal should begin (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.

Post a new log after doing this


#3 rafal194

    Advanced user

  • 413 posts

Posted 06 02 2009 - 18:23

I did as you said
Attached image

but it seems it didn't remove it; here is the log:


ComboFix 09-02-05.03 - rafal 2009-02-06 17:00:08.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.1022.575 [GMT 1:00]
Uruchomiony z: c:\documents and settings\rafal\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\rafal\Pulpit\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090205-1] *On-access scanning enabled* (Updated)
 * Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-01-06 do 2009-02-06  )))))))))))))))))))))))))))))))
.

2009-02-06 16:21 . 2009-02-06 16:21	<DIR>	d--------	c:\program files\SequoiaView
2009-02-05 18:41 . 2009-02-05 18:41	3,859	--a------	C:\block_online.php
2009-02-05 09:35 . 2009-02-05 11:23	<DIR>	d--------	c:\program files\Norton Security Scan
2009-02-03 11:15 . 2009-02-03 11:15	1,601	--a------	c:\windows\unins001.dat
2009-02-03 11:00 . 2009-02-03 11:00	<DIR>	d--------	c:\program files\Stardock
2009-02-03 11:00 . 2009-02-03 11:00	<DIR>	d--------	c:\program files\Common Files\Stardock
2009-02-03 11:00 . 2004-04-26 13:47	163,456	--a------	c:\windows\system32\drivers\vidstub.sys
2009-02-03 10:13 . 2009-02-03 11:05	<DIR>	d--------	c:\program files\ChomikBox
2009-02-02 21:17 . 2009-02-02 21:22	<DIR>	d--------	c:\program files\SmartFTP Client
2009-02-02 21:05 . 2009-02-02 21:05	<DIR>	d--------	c:\program files\FileZilla FTP Client
2009-02-01 21:52 . 2009-02-01 21:52	<DIR>	d--------	c:\windows\system32\Pajacyk dir
2009-02-01 21:52 . 2009-02-01 21:52	203,264	--a------	c:\windows\system32\Pajacyk.scr
2009-02-01 21:45 . 2009-02-01 22:28	<DIR>	d--------	c:\program files\MySecretFolder XP
2009-01-31 14:12 . 2009-01-31 14:16	<DIR>	d--------	c:\windows\NV48004816.TMP
2009-01-31 01:46 . 2009-01-31 01:46	2,214,745	--a------	c:\windows\Green Rivers no_clock.scr
2009-01-30 17:28 . 2009-01-30 17:28	21,512	--a------	c:\windows\system32\drivers\pxscan.sys
2009-01-30 17:28 . 2009-01-30 17:28	64	--a------	c:\windows\wininit.ini
2009-01-30 09:41 . 2009-01-30 09:41	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji\Xentient
2009-01-30 09:40 . 2009-02-06 17:01	<DIR>	d--------	c:\documents and settings\Administrator\Ustawienia lokalne
2009-01-30 09:40 . 2009-01-30 09:47	<DIR>	d--------	c:\documents and settings\Administrator\Szablony
2009-01-30 09:40 . 2009-01-30 09:47	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji
2009-01-30 09:40 . 2009-01-30 09:47	<DIR>	d---s----	c:\documents and settings\Administrator
2009-01-30 00:39 . 2009-02-01 04:17	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\Download Manager
2009-01-28 10:32 . 2009-01-28 10:32	<DIR>	d--------	c:\program files\Common Files\Xara
2009-01-26 11:36 . 2009-01-26 11:36	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\CyberLink
2009-01-26 11:35 . 2009-01-26 11:35	<DIR>	d--------	c:\program files\Common Files\CyberLink
2009-01-26 11:35 . 2009-01-26 11:38	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\CyberLink
2009-01-26 11:34 . 2009-01-26 11:31	29,480	--a------	c:\windows\system32\msxml3a.dll
2009-01-26 11:11 . 2009-01-26 11:11	<DIR>	d--------	c:\program files\Extra Video Converter
2009-01-26 10:53 . 2009-01-26 10:53	<DIR>	d--------	c:\program files\XviD
2009-01-26 10:53 . 2009-01-26 10:53	<DIR>	d--------	c:\program files\Apex
2009-01-26 10:37 . 2009-01-26 10:37	<DIR>	d--------	c:\windows\WinAVI Video Converter 9.0
2009-01-26 10:37 . 2009-01-26 10:50	<DIR>	d--------	c:\program files\WinAVI Video Converter 9.0
2009-01-25 13:01 . 2009-01-25 13:31	<DIR>	d--------	c:\program files\WinMerge
2009-01-24 21:11 . 2009-01-25 08:30	<DIR>	d--------	c:\program files\Odkurzacz
2009-01-22 17:55 . 2009-02-05 10:44	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\GameHouse
2009-01-22 17:55 . 2009-01-22 17:55	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\n7-89-o9-3r-4t-r9
2009-01-22 15:55 . 2009-01-29 23:39	8	--a------	c:\windows\system32\nvModes.dat
2009-01-20 20:28 . 2009-01-20 20:28	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\NeroDCTemplates
2009-01-20 15:49 . 2009-01-31 17:23	183,112	--a------	c:\windows\system32\PnkBstrB.exe
2009-01-20 15:49 . 2009-01-31 17:23	138,184	--a------	c:\windows\system32\drivers\PnkBstrK.sys
2009-01-20 15:49 . 2009-01-20 16:11	66,872	--a------	c:\windows\system32\PnkBstrA.exe
2009-01-20 11:42 . 2009-01-20 11:42	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\Leadertech
2009-01-19 21:08 . 2009-01-19 21:08	18	--a------	c:\windows\avi2divx.INI
2009-01-19 20:48 . 2009-01-21 10:26	<DIR>	d--------	C:\ConverterOutput
2009-01-19 20:47 . 2009-01-19 20:47	<DIR>	d--------	c:\windows\system32\codec
2009-01-19 20:47 . 2009-01-19 20:47	<DIR>	d--------	c:\program files\avi2divx
2009-01-19 13:31 . 2009-01-21 10:26	<DIR>	d--------	C:\RmConverterOutput
2009-01-18 11:07 . 2009-01-18 11:07	<DIR>	d--------	c:\program files\Common Files\DirectX
2009-01-18 09:52 . 2009-01-18 10:07	<DIR>	d--------	c:\program files\Webshots
2009-01-18 09:52 . 2009-01-18 09:52	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\Webshots
2009-01-17 20:17 . 2009-01-17 20:17	<DIR>	d--------	c:\program files\RMClock
2009-01-17 20:16 . 2009-01-17 20:16	<DIR>	d--------	c:\program files\XN Resource Editor
2009-01-17 16:56 . 2009-01-17 17:02	<DIR>	d--------	C:\Resource Hacker
2009-01-15 23:57 . 2009-01-15 23:57	45	--a------	c:\windows\system32\initdebug.nfo
2009-01-15 08:19 . 2009-01-15 08:19	1,253,376	--a------	c:\windows\system32\NvPVEnc.ax
2009-01-12 20:18 . 2009-01-12 20:18	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\vsosdk
2009-01-12 19:38 . 2009-01-12 19:38	34,308	--a------	c:\windows\system32\Chip.dll
2009-01-12 19:38 . 2009-01-12 19:38	18,152	--a------	c:\windows\system32\Pvt.tmp
2009-01-12 19:37 . 2009-01-12 19:37	<DIR>	d--------	c:\program files\VSO
2009-01-12 19:37 . 2004-05-04 11:53	1,645,320	--a------	c:\windows\gdiplus.dll
2009-01-12 19:37 . 2006-05-20 16:16	1,184,984	--a------	c:\windows\system32\wvc1dmod.dll
2009-01-12 19:37 . 2006-05-11 19:21	626,688	--a------	c:\windows\system32\vp7vfw.dll
2009-01-12 19:37 . 2006-09-29 12:24	217,127	--a------	c:\windows\system32\drv43260.dll
2009-01-12 19:37 . 2006-09-29 12:25	208,935	--a------	c:\windows\system32\drv33260.dll
2009-01-12 19:37 . 2006-09-29 12:26	176,165	--a------	c:\windows\system32\drv23260.dll
2009-01-12 19:37 . 2007-03-18 20:37	65,602	--a------	c:\windows\system32\cook3260.dll
2009-01-12 14:55 . 2009-01-12 14:55	26	--a------	C:\webalizer.hist
2009-01-10 21:21 . 2009-01-30 05:12	<DIR>	d--hs----	C:\Boot
2009-01-10 15:14 . 2009-01-10 15:14	<DIR>	d--------	c:\program files\Lavalys
2009-01-10 10:59 . 2009-01-10 10:59	61	--a------	c:\windows\MouseDrv.INI
2009-01-10 10:58 . 2009-01-10 10:58	<DIR>	d--------	c:\program files\Multimedia Mouse Driver
2009-01-09 20:32 . 2009-01-09 20:32	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\LEGO Company
2009-01-09 08:57 . 2009-01-09 09:19	4,107	--a------	c:\windows\system32\oodbs.lor
2009-01-09 08:46 . 2009-01-09 08:46	0	--a------	c:\windows\oodcnt.INI
2009-01-09 08:44 . 2009-01-09 10:02	<DIR>	d--------	c:\windows\system32\oodag
2009-01-07 23:05 . 2009-01-07 23:05	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\Consultia
2009-01-07 22:46 . 2009-01-07 23:05	<DIR>	d--------	c:\program files\CubeDesktop
2009-01-06 20:03 . 2009-01-11 19:38	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\SugarGames
2009-01-06 08:14 . 2009-01-06 08:14	1,409	--a------	c:\windows\system32\tmpCBF6F.FOT
2009-01-06 08:14 . 2009-01-06 08:14	1,409	--a------	c:\windows\system32\tmpB007F.FOT

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 16:04	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Skype
2009-02-06 16:03	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\skypePM
2009-02-06 16:02	---------	d---a-w	c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-05 17:41	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\FileZilla
2009-02-05 08:35	---------	d-----w	c:\program files\Common Files\Symantec Shared
2009-02-02 22:05	8,059	----a-w	c:\windows\gdrv.sys
2009-02-02 22:05	---------	d-----w	c:\program files\Dino And Aliens
2009-02-01 14:35	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\gtk-2.0
2009-01-31 18:02	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\uTorrent
2009-01-31 13:14	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2009-01-31 13:14	---------	d-----w	c:\program files\AGEIA Technologies
2009-01-30 21:52	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\PrevxCSI
2009-01-29 01:00	---------	d-----w	c:\program files\uTorrent
2009-01-27 23:03	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-01-26 10:26	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Vso
2009-01-26 10:22	47,360	----a-w	c:\documents and settings\rafal\Dane aplikacji\pcouffin.sys
2009-01-23 18:04	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-01-17 20:07	---------	d-----w	c:\program files\Windows Media Connect 2
2009-01-17 20:03	---------	d-----w	c:\program files\CamStudio
2009-01-17 09:47	125,292	----a-w	c:\windows\system32\proc-1037709799.bin
2009-01-12 18:37	47,360	----a-w	c:\windows\system32\drivers\pcouffin.sys
2009-01-10 08:25	---------	d-----w	c:\program files\SAGEM WiFi manager
2009-01-09 07:11	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Winamp
2009-01-07 10:28	453,152	----a-w	c:\windows\system32\NVUNINST.EXE
2009-01-05 18:05	729,686	----a-w	c:\windows\system32\Alpha Galaxy 1280.scr
2009-01-05 18:05	---------	d-----w	c:\program files\adni18
2009-01-05 17:25	---------	d-----w	c:\program files\Sharks of Nemo
2009-01-05 16:21	---------	d-----w	c:\program files\PopCap Games
2009-01-05 13:37	---------	d-----w	c:\program files\Rockstar Games
2009-01-05 13:37	---------	d-----w	c:\program files\ReflexiveArcade
2009-01-05 13:35	---------	d-----w	c:\program files\Play
2009-01-05 13:34	---------	d-----w	c:\program files\GameTop.com
2009-01-05 13:26	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\EleFun Games
2009-01-04 18:57	---------	d-----r	c:\program files\Skype
2009-01-04 17:52	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\XemiComputers
2009-01-04 17:52	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\XemiComputers
2009-01-04 16:58	---------	d-----w	c:\program files\Macromedia
2009-01-04 16:56	---------	d-----w	c:\program files\Common Files\Macromedia
2009-01-01 22:14	---------	d-----w	c:\program files\Nero
2009-01-01 22:14	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Nero
2009-01-01 22:13	---------	d-----w	c:\program files\Common Files\Nero
2009-01-01 22:13	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Nero
2008-12-31 10:52	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Symantec
2008-12-31 10:44	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Symantec
2008-12-31 10:42	---------	d-----w	c:\program files\Norton Ghost
2008-12-30 19:22	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Ahead
2008-12-30 18:34	---------	d-----w	c:\program files\GIMP-2.0
2008-12-30 16:47	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Barbie Fashion Show
2008-12-29 12:02	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Magic Seeds
2008-12-29 11:59	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\PlayFirst
2008-12-29 11:59	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\PlayFirst
2008-12-29 11:53	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Go Go Gourmet
2008-12-29 11:47	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Gamelab
2008-12-29 11:44	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Trymedia
2008-12-29 10:08	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Valusoft
2008-12-29 10:08	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Valusoft
2008-12-29 10:07	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Jane s Hotel  Family Hero
2008-12-29 10:02	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Youdagames
2008-12-29 08:49	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\FreshGames
2008-12-29 08:39	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Go-Go Gourmet Chef of the Year
2008-12-29 08:30	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Alawar
2008-12-29 08:24	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\75-55-88-55-55-55
2008-12-29 08:06	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Acronis
2008-12-29 07:58	---------	d-----w	c:\documents and settings\LocalService\Dane aplikacji\Acronis
2008-12-29 07:54	441,760	----a-w	c:\windows\system32\drivers\timntr.sys
2008-12-29 07:54	44,384	----a-w	c:\windows\system32\drivers\tifsfilt.sys
2008-12-29 07:54	368,480	----a-w	c:\windows\system32\drivers\tdrpman.sys
2008-12-29 07:54	129,248	----a-w	c:\windows\system32\drivers\snapman.sys
2008-12-29 07:54	---------	d-----w	c:\program files\Common Files\Acronis
2008-12-29 07:54	---------	d-----w	c:\program files\Acronis
2008-12-29 07:54	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Acronis
2008-12-29 07:47	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\ViquaSoft
2008-12-29 07:45	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\VirtualFarm
2008-12-29 07:35	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Gogii
2008-12-28 17:41	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Legacy Interactive
2008-12-28 17:39	---------	d-----w	c:\program files\Legacy Interactive
2008-12-26 16:46	---------	d-----w	c:\program files\LSoft Technologies
2008-12-24 10:23	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\SPORE
2008-12-24 09:21	---------	d-----w	c:\program files\Electronic Arts
2008-12-24 09:01	5,930	----a-w	c:\windows\system32\ealregsnapshot1.reg
2008-12-22 22:58	---------	d-----w	c:\program files\GameHouse
2008-12-21 21:36	---------	d-----w	c:\program files\Zylom Games
2008-12-21 21:36	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Zylom
2008-12-21 14:27	---------	d-----w	c:\program files\Common Files\Raxco
2008-12-21 14:21	---------	d-----w	c:\program files\RAXCO
2008-12-21 14:21	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Raxco
2008-12-20 16:12	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\SmartFTP
2008-12-20 10:57	---------	d-----w	c:\program files\FDRLab
2008-12-18 18:15	---------	d-----w	c:\program files\Paint.NET
2008-12-15 14:09	1,728,894	----a-w	c:\windows\Snow Owl  clock.scr
2008-12-15 10:59	---------	d-----w	c:\program files\Build in Time
2008-12-15 10:06	51,712	----a-w	c:\windows\wc98pp.dll
2008-12-13 23:03	---------	d-----w	c:\program files\Binboy
2008-12-13 17:54	---------	d-----w	c:\program files\Secret Maryo Chronicles
2008-12-13 15:12	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Ahead
2008-12-13 12:52	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\smc
2008-12-12 22:18	---------	d-----w	c:\program files\Farm Mania
2008-12-12 18:56	---------	d-----w	c:\program files\McFunSoft Video Capture Convert Burn Solution
2008-12-12 18:17	81,920	----a-w	c:\documents and settings\rafal\Dane aplikacji\ezpinst.exe
2008-12-12 18:14	---------	d-----w	c:\program files\Total Video Converter
.

(((((((((((((((((((((((((((((   SnapShot@2009-02-06_ 9.18.47.60   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-29 10:17:44	364,726	----a-r	c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2009-02-06 12:29:54	364,726	----a-r	c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2009-02-06 16:02:25	16,384	----atw	c:\windows\Temp\Perflib_Perfdata_784.dat
+ 2009-02-06 16:02:25	16,384	----atw	c:\windows\Temp\Perflib_Perfdata_7f8.dat
+ 2009-02-06 16:02:25	16,384	----atw	c:\windows\Temp\Perflib_Perfdata_918.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2008-10-10 6500960]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"RemoteControl8"="e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"MSF_Monitor"="c:\progra~1\MYSECR~1\MSFMON.exe" [2007-01-25 99920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-10-21 950272]
Skrót do ashDisp.lnk - c:\program files\Alwil Software\Avast4\ashDisp.exe [2008-10-21 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XVID"= xvid.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\PopCap Games\\Bejeweled Deluxe 1.861\\WinBej.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-01-30 21512]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-21 111184]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\000.fcl [2008-02-01 17:24:04 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-21 20560]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2008-10-25 3744]
R2 CSIScanner;CSIScanner;c:\program files\PrevxCSI\prevxcsi.exe [2008-11-30 4107832]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2008-10-25 3904]
R2 MSF32;MSF32;c:\program files\MySecretFolder XP\MSF32.SYS [2009-02-01 39424]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-10-21 450560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - k:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - k:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcad9646-a2c9-11dd-8c16-806d6172696f}]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'

2009-02-05 c:\windows\Tasks\Norton Security Scan for rafal.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]

2009-02-06 c:\windows\Tasks\User_Feed_Synchronization-{43FE2BCB-29B5-4364-8151-E85CD8753969}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\Common Files\BinarySense\hlAPP.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\rafal\Dane aplikacji\Mozilla\Firefox\Profiles\w3yvpvto.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.http - anonymous server
FF - prefs.js: network.proxy.http_port - 81
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\rafal\Dane aplikacji\Mozilla\Firefox\Profiles\w3yvpvto.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAHJONG.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 17:16:37
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\000.fcl"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1177238915-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a7,e7,dd,b1,c4,e3,4d,b1,62,0b,c6,b2,21,c2,b7,6c,cc,b7,c8,c1,d0,99,ea,
   99,3e,73,64,34,e6,bd,4d,6b,bb,a3,c5,26,45,1c,d5,7e,dc,89,ab,a3,35,68,80,a9,\
"??"=hex:e1,d5,43,cb,aa,d9,59,5b,c1,7d,eb,6e,70,f9,1e,22

[HKEY_USERS\S-1-5-21-1454471165-1177238915-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:c3,29,99,f7,55,51,91,ed,b9,2f,1f,80,1a,ad,f6,7c,cb,ba,24,83,dd,
   bc,e5,60,7c,de,90,bb,5c,62,ad,92,06,11,1b,8d,9c,93,16,a1,ae,46,3c,55,4e,c9,\
"rkeysecu"=hex:d3,91,4b,31,71,4d,97,0c,de,42,3c,d0,c3,4c,37,ce

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(1320)
c:\windows\system32\relog_ap.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\RAXCO\PerfectDisk\PDAgent.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\RAXCO\PerfectDisk\PDEngine.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-06 17:17:34 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-02-06 16:17:32
ComboFix2.txt  2009-02-06 15:50:08

Przed: 21 950 038 016 bajtów wolnych
Po: 21,928,833,024 bajtów wolnych

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
359	--- E O F ---	2009-02-05 08:37:21


#4 wncvirus
Lazybones!
851 posts
Posted 06 02 2009 - 19:52

If the script did not manage to remove it, delete this file with the Killbox program.
How to use

1. After installing the program, click the button to the left of the hand icon to select the file below.

c:\windows\NV48004816.TMP

2. Click the red cross to delete it.


Once that is done, post a ComboFix log.

#5 rafal194
Advanced user
413 posts
Posted 06 02 2009 - 20:37

ComboFix 09-02-05.03 - rafal 2009-02-06 19:31:04.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.1022.583 [GMT 1:00]
Uruchomiony z: c:\documents and settings\rafal\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090205-1] *On-access scanning disabled* (Updated)

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-01-06 do 2009-02-06  )))))))))))))))))))))))))))))))
.

2009-02-06 19:09 . 2009-02-06 19:14	<DIR>	d--------	C:\!KillBox
2009-02-06 16:21 . 2009-02-06 16:21	<DIR>	d--------	c:\program files\SequoiaView
2009-02-05 18:41 . 2009-02-05 18:41	3,859	--a------	C:\block_online.php
2009-02-05 09:35 . 2009-02-06 18:00	<DIR>	d--------	c:\program files\Norton Security Scan
2009-02-03 11:15 . 2009-02-03 11:15	1,601	--a------	c:\windows\unins001.dat
2009-02-03 11:00 . 2009-02-03 11:00	<DIR>	d--------	c:\program files\Stardock
2009-02-03 11:00 . 2009-02-03 11:00	<DIR>	d--------	c:\program files\Common Files\Stardock
2009-02-03 11:00 . 2004-04-26 13:47	163,456	--a------	c:\windows\system32\drivers\vidstub.sys
2009-02-03 10:13 . 2009-02-03 11:05	<DIR>	d--------	c:\program files\ChomikBox
2009-02-02 21:17 . 2009-02-02 21:22	<DIR>	d--------	c:\program files\SmartFTP Client
2009-02-02 21:05 . 2009-02-02 21:05	<DIR>	d--------	c:\program files\FileZilla FTP Client
2009-02-01 21:52 . 2009-02-01 21:52	<DIR>	d--------	c:\windows\system32\Pajacyk dir
2009-02-01 21:52 . 2009-02-01 21:52	203,264	--a------	c:\windows\system32\Pajacyk.scr
2009-02-01 21:45 . 2009-02-01 22:28	<DIR>	d--------	c:\program files\MySecretFolder XP
2009-01-31 01:46 . 2009-01-31 01:46	2,214,745	--a------	c:\windows\Green Rivers no_clock.scr
2009-01-30 17:28 . 2009-01-30 17:28	21,512	--a------	c:\windows\system32\drivers\pxscan.sys
2009-01-30 17:28 . 2009-01-30 17:28	64	--a------	c:\windows\wininit.ini
2009-01-30 09:41 . 2009-01-30 09:41	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji\Xentient
2009-01-30 09:40 . 2009-02-06 19:32	<DIR>	d--------	c:\documents and settings\Administrator\Ustawienia lokalne
2009-01-30 09:40 . 2009-01-30 09:47	<DIR>	d--------	c:\documents and settings\Administrator\Szablony
2009-01-30 09:40 . 2009-01-30 09:47	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji
2009-01-30 09:40 . 2009-01-30 09:47	<DIR>	d---s----	c:\documents and settings\Administrator
2009-01-30 00:39 . 2009-02-01 04:17	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\Download Manager
2009-01-28 10:32 . 2009-01-28 10:32	<DIR>	d--------	c:\program files\Common Files\Xara
2009-01-26 11:36 . 2009-01-26 11:36	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\CyberLink
2009-01-26 11:35 . 2009-01-26 11:35	<DIR>	d--------	c:\program files\Common Files\CyberLink
2009-01-26 11:35 . 2009-01-26 11:38	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\CyberLink
2009-01-26 11:34 . 2009-01-26 11:31	29,480	--a------	c:\windows\system32\msxml3a.dll
2009-01-26 11:11 . 2009-01-26 11:11	<DIR>	d--------	c:\program files\Extra Video Converter
2009-01-26 10:53 . 2009-01-26 10:53	<DIR>	d--------	c:\program files\XviD
2009-01-26 10:53 . 2009-01-26 10:53	<DIR>	d--------	c:\program files\Apex
2009-01-26 10:37 . 2009-01-26 10:37	<DIR>	d--------	c:\windows\WinAVI Video Converter 9.0
2009-01-26 10:37 . 2009-01-26 10:50	<DIR>	d--------	c:\program files\WinAVI Video Converter 9.0
2009-01-25 13:01 . 2009-01-25 13:31	<DIR>	d--------	c:\program files\WinMerge
2009-01-24 21:11 . 2009-01-25 08:30	<DIR>	d--------	c:\program files\Odkurzacz
2009-01-22 17:55 . 2009-02-05 10:44	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\GameHouse
2009-01-22 17:55 . 2009-01-22 17:55	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\n7-89-o9-3r-4t-r9
2009-01-22 15:55 . 2009-01-29 23:39	8	--a------	c:\windows\system32\nvModes.dat
2009-01-20 20:28 . 2009-01-20 20:28	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\NeroDCTemplates
2009-01-20 15:49 . 2009-01-31 17:23	183,112	--a------	c:\windows\system32\PnkBstrB.exe
2009-01-20 15:49 . 2009-01-31 17:23	138,184	--a------	c:\windows\system32\drivers\PnkBstrK.sys
2009-01-20 15:49 . 2009-01-20 16:11	66,872	--a------	c:\windows\system32\PnkBstrA.exe
2009-01-20 11:42 . 2009-01-20 11:42	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\Leadertech
2009-01-19 21:08 . 2009-01-19 21:08	18	--a------	c:\windows\avi2divx.INI
2009-01-19 20:48 . 2009-01-21 10:26	<DIR>	d--------	C:\ConverterOutput
2009-01-19 20:47 . 2009-01-19 20:47	<DIR>	d--------	c:\windows\system32\codec
2009-01-19 20:47 . 2009-01-19 20:47	<DIR>	d--------	c:\program files\avi2divx
2009-01-19 13:31 . 2009-01-21 10:26	<DIR>	d--------	C:\RmConverterOutput
2009-01-18 11:07 . 2009-01-18 11:07	<DIR>	d--------	c:\program files\Common Files\DirectX
2009-01-18 09:52 . 2009-01-18 10:07	<DIR>	d--------	c:\program files\Webshots
2009-01-18 09:52 . 2009-01-18 09:52	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\Webshots
2009-01-17 20:17 . 2009-01-17 20:17	<DIR>	d--------	c:\program files\RMClock
2009-01-17 20:16 . 2009-01-17 20:16	<DIR>	d--------	c:\program files\XN Resource Editor
2009-01-17 16:56 . 2009-01-17 17:02	<DIR>	d--------	C:\Resource Hacker
2009-01-15 23:57 . 2009-01-15 23:57	45	--a------	c:\windows\system32\initdebug.nfo
2009-01-15 08:19 . 2009-01-15 08:19	1,253,376	--a------	c:\windows\system32\NvPVEnc.ax
2009-01-12 20:18 . 2009-01-12 20:18	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\vsosdk
2009-01-12 19:38 . 2009-01-12 19:38	34,308	--a------	c:\windows\system32\Chip.dll
2009-01-12 19:38 . 2009-01-12 19:38	18,152	--a------	c:\windows\system32\Pvt.tmp
2009-01-12 19:37 . 2009-01-12 19:37	<DIR>	d--------	c:\program files\VSO
2009-01-12 19:37 . 2004-05-04 11:53	1,645,320	--a------	c:\windows\gdiplus.dll
2009-01-12 19:37 . 2006-05-20 16:16	1,184,984	--a------	c:\windows\system32\wvc1dmod.dll
2009-01-12 19:37 . 2006-05-11 19:21	626,688	--a------	c:\windows\system32\vp7vfw.dll
2009-01-12 19:37 . 2006-09-29 12:24	217,127	--a------	c:\windows\system32\drv43260.dll
2009-01-12 19:37 . 2006-09-29 12:25	208,935	--a------	c:\windows\system32\drv33260.dll
2009-01-12 19:37 . 2006-09-29 12:26	176,165	--a------	c:\windows\system32\drv23260.dll
2009-01-12 19:37 . 2007-03-18 20:37	65,602	--a------	c:\windows\system32\cook3260.dll
2009-01-12 14:55 . 2009-01-12 14:55	26	--a------	C:\webalizer.hist
2009-01-10 21:21 . 2009-01-30 05:12	<DIR>	d--hs----	C:\Boot
2009-01-10 15:14 . 2009-01-10 15:14	<DIR>	d--------	c:\program files\Lavalys
2009-01-10 10:59 . 2009-01-10 10:59	61	--a------	c:\windows\MouseDrv.INI
2009-01-10 10:58 . 2009-01-10 10:58	<DIR>	d--------	c:\program files\Multimedia Mouse Driver
2009-01-09 20:32 . 2009-01-09 20:32	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\LEGO Company
2009-01-09 08:57 . 2009-01-09 09:19	4,107	--a------	c:\windows\system32\oodbs.lor
2009-01-09 08:46 . 2009-01-09 08:46	0	--a------	c:\windows\oodcnt.INI
2009-01-09 08:44 . 2009-01-09 10:02	<DIR>	d--------	c:\windows\system32\oodag
2009-01-07 23:05 . 2009-01-07 23:05	<DIR>	d--------	c:\documents and settings\rafal\Dane aplikacji\Consultia
2009-01-07 22:46 . 2009-01-07 23:05	<DIR>	d--------	c:\program files\CubeDesktop
2009-01-06 20:03 . 2009-01-11 19:38	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\SugarGames
2009-01-06 08:14 . 2009-01-06 08:14	1,409	--a------	c:\windows\system32\tmpCBF6F.FOT
2009-01-06 08:14 . 2009-01-06 08:14	1,409	--a------	c:\windows\system32\tmpB007F.FOT
.

((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-02-06 18:33	---------	d---a-w	c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-06 18:30	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Skype
2009-02-06 18:29	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\uTorrent
2009-02-06 16:03	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\skypePM
2009-02-05 17:41	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\FileZilla
2009-02-05 08:35	---------	d-----w	c:\program files\Common Files\Symantec Shared
2009-02-02 22:05	8,059	----a-w	c:\windows\gdrv.sys
2009-02-02 22:05	---------	d-----w	c:\program files\Dino And Aliens
2009-02-01 14:35	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\gtk-2.0
2009-01-31 13:14	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2009-01-31 13:14	---------	d-----w	c:\program files\AGEIA Technologies
2009-01-30 21:52	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\PrevxCSI
2009-01-29 01:00	---------	d-----w	c:\program files\uTorrent
2009-01-27 23:03	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-01-26 10:26	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Vso
2009-01-26 10:22	47,360	----a-w	c:\documents and settings\rafal\Dane aplikacji\pcouffin.sys
2009-01-23 18:04	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-01-17 20:07	---------	d-----w	c:\program files\Windows Media Connect 2
2009-01-17 20:03	---------	d-----w	c:\program files\CamStudio
2009-01-15 07:19	6,301,248	----a-w	c:\windows\system32\drivers\nv4_mini.sys
2009-01-12 18:37	47,360	----a-w	c:\windows\system32\drivers\pcouffin.sys
2009-01-10 08:25	---------	d-----w	c:\program files\SAGEM WiFi manager
2009-01-09 07:11	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Winamp
2009-01-05 18:05	---------	d-----w	c:\program files\adni18
2009-01-05 17:25	---------	d-----w	c:\program files\Sharks of Nemo
2009-01-05 16:21	---------	d-----w	c:\program files\PopCap Games
2009-01-05 13:37	---------	d-----w	c:\program files\Rockstar Games
2009-01-05 13:37	---------	d-----w	c:\program files\ReflexiveArcade
2009-01-05 13:35	---------	d-----w	c:\program files\Play
2009-01-05 13:34	---------	d-----w	c:\program files\GameTop.com
2009-01-05 13:26	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\EleFun Games
2009-01-04 18:57	---------	d-----r	c:\program files\Skype
2009-01-04 17:52	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\XemiComputers
2009-01-04 17:52	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\XemiComputers
2009-01-04 16:58	---------	d-----w	c:\program files\Macromedia
2009-01-04 16:56	---------	d-----w	c:\program files\Common Files\Macromedia
2009-01-01 22:14	---------	d-----w	c:\program files\Nero
2009-01-01 22:14	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Nero
2009-01-01 22:13	---------	d-----w	c:\program files\Common Files\Nero
2009-01-01 22:13	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Nero
2008-12-31 10:52	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Symantec
2008-12-31 10:44	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Symantec
2008-12-31 10:42	---------	d-----w	c:\program files\Norton Ghost
2008-12-30 19:22	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Ahead
2008-12-30 18:34	---------	d-----w	c:\program files\GIMP-2.0
2008-12-30 16:47	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Barbie Fashion Show
2008-12-29 12:02	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Magic Seeds
2008-12-29 11:59	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\PlayFirst
2008-12-29 11:59	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\PlayFirst
2008-12-29 11:53	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Go Go Gourmet
2008-12-29 11:47	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Gamelab
2008-12-29 11:44	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Trymedia
2008-12-29 10:08	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Valusoft
2008-12-29 10:08	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Valusoft
2008-12-29 10:07	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Jane s Hotel  Family Hero
2008-12-29 10:02	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Youdagames
2008-12-29 08:49	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\FreshGames
2008-12-29 08:39	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Go-Go Gourmet Chef of the Year
2008-12-29 08:30	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Alawar
2008-12-29 08:24	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\75-55-88-55-55-55
2008-12-29 08:06	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Acronis
2008-12-29 07:58	---------	d-----w	c:\documents and settings\LocalService\Dane aplikacji\Acronis
2008-12-29 07:54	441,760	----a-w	c:\windows\system32\drivers\timntr.sys
2008-12-29 07:54	44,384	----a-w	c:\windows\system32\drivers\tifsfilt.sys
2008-12-29 07:54	368,480	----a-w	c:\windows\system32\drivers\tdrpman.sys
2008-12-29 07:54	129,248	----a-w	c:\windows\system32\drivers\snapman.sys
2008-12-29 07:54	---------	d-----w	c:\program files\Common Files\Acronis
2008-12-29 07:54	---------	d-----w	c:\program files\Acronis
2008-12-29 07:54	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Acronis
2008-12-29 07:47	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\ViquaSoft
2008-12-29 07:45	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\VirtualFarm
2008-12-29 07:35	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Gogii
2008-12-28 17:41	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Legacy Interactive
2008-12-28 17:39	---------	d-----w	c:\program files\Legacy Interactive
2008-12-26 16:46	---------	d-----w	c:\program files\LSoft Technologies
2008-12-24 10:23	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\SPORE
2008-12-24 09:21	---------	d-----w	c:\program files\Electronic Arts
2008-12-22 22:58	---------	d-----w	c:\program files\GameHouse
2008-12-21 21:36	---------	d-----w	c:\program files\Zylom Games
2008-12-21 21:36	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\Zylom
2008-12-21 14:27	---------	d-----w	c:\program files\Common Files\Raxco
2008-12-21 14:21	---------	d-----w	c:\program files\RAXCO
2008-12-21 14:21	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Raxco
2008-12-20 16:12	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\SmartFTP
2008-12-20 10:57	---------	d-----w	c:\program files\FDRLab
2008-12-18 18:15	---------	d-----w	c:\program files\Paint.NET
2008-12-15 14:09	1,728,894	----a-w	c:\windows\Snow Owl  clock.scr
2008-12-15 10:59	---------	d-----w	c:\program files\Build in Time
2008-12-15 10:06	51,712	----a-w	c:\windows\wc98pp.dll
2008-12-13 23:03	---------	d-----w	c:\program files\Binboy
2008-12-13 17:54	---------	d-----w	c:\program files\Secret Maryo Chronicles
2008-12-13 15:12	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Ahead
2008-12-13 12:52	---------	d-----w	c:\documents and settings\rafal\Dane aplikacji\smc
2008-12-12 22:18	---------	d-----w	c:\program files\Farm Mania
2008-12-12 18:56	---------	d-----w	c:\program files\McFunSoft Video Capture Convert Burn Solution
2008-12-12 18:17	81,920	----a-w	c:\documents and settings\rafal\Dane aplikacji\ezpinst.exe
2008-12-12 18:14	---------	d-----w	c:\program files\Total Video Converter
2008-12-12 11:47	---------	d-----w	c:\program files\PowerISO
2008-12-11 10:57	333,952	----a-w	c:\windows\system32\drivers\srv.sys
2008-12-06 22:14	---------	d-----w	c:\program files\Fox
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2008-10-10 6500960]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"RemoteControl8"="e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"MSF_Monitor"="c:\progra~1\MYSECR~1\MSFMON.exe" [2007-01-25 99920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-10-21 950272]
Skrót do ashDisp.lnk - c:\program files\Alwil Software\Avast4\ashDisp.exe [2008-10-21 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XVID"= xvid.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\PopCap Games\\Bejeweled Deluxe 1.861\\WinBej.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-01-30 21512]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-21 111184]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\000.fcl [2008-02-01 17:24:04 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-21 20560]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2008-10-25 3744]
R2 CSIScanner;CSIScanner;c:\program files\PrevxCSI\prevxcsi.exe [2008-11-30 4107832]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2008-10-25 3904]
R2 MSF32;MSF32;c:\program files\MySecretFolder XP\MSF32.SYS [2009-02-01 39424]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-10-21 450560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - k:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - k:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcad9646-a2c9-11dd-8c16-806d6172696f}]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.

Zawartość folderu 'Zaplanowane zadania'

2009-02-06 c:\windows\Tasks\Norton Security Scan for rafal.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]

2009-02-06 c:\windows\Tasks\User_Feed_Synchronization-{43FE2BCB-29B5-4364-8151-E85CD8753969}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\Common Files\BinarySense\hlAPP.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\rafal\Dane aplikacji\Mozilla\Firefox\Profiles\w3yvpvto.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.http - anonymous server
FF - prefs.js: network.proxy.http_port - 81
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\rafal\Dane aplikacji\Mozilla\Firefox\Profiles\w3yvpvto.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAHJONG.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-06 19:33:48

Windows 5.1.2600 Dodatek Service Pack 3 NTFS



skanowanie ukrytych procesów ...  



skanowanie ukrytych wpisów autostartu ... 



skanowanie ukrytych plików ...  



skanowanie pomyślnie ukończone

ukryte pliki: 0



**************************************************************************



[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\000.fcl"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------



[HKEY_USERS\S-1-5-21-1454471165-1177238915-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:a7,e7,dd,b1,c4,e3,4d,b1,62,0b,c6,b2,21,c2,b7,6c,cc,b7,c8,c1,d0,99,ea,

   99,3e,73,64,34,e6,bd,4d,6b,bb,a3,c5,26,45,1c,d5,7e,dc,89,ab,a3,35,68,80,a9,\

"??"=hex:e1,d5,43,cb,aa,d9,59,5b,c1,7d,eb,6e,70,f9,1e,22



[HKEY_USERS\S-1-5-21-1454471165-1177238915-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:c3,29,99,f7,55,51,91,ed,b9,2f,1f,80,1a,ad,f6,7c,cb,ba,24,83,dd,

   bc,e5,60,7c,de,90,bb,5c,62,ad,92,06,11,1b,8d,9c,93,16,a1,ae,46,3c,55,4e,c9,\

"rkeysecu"=hex:d3,91,4b,31,71,4d,97,0c,de,42,3c,d0,c3,4c,37,ce



[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]


.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------



- - - - - - - > 'lsass.exe'(1320)

c:\windows\system32\relog_ap.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Norton Ghost\Agent\VProSvc.exe

c:\windows\system32\nvsvc32.exe

c:\program files\RAXCO\PerfectDisk\PDAgent.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\rundll32.exe

c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

c:\windows\system32\rundll32.exe

c:\program files\RAXCO\PerfectDisk\PDEngine.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\Winamp\winamp.exe

.

**************************************************************************

.

Czas ukończenia: 2009-02-06 19:36:24 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt  2009-02-06 18:36:21

ComboFix2.txt  2009-02-06 17:07:09



Przed: 21 915 619 328 bajtów wolnych

Po: 21,895,663,616 bajtów wolnych



Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5

352	--- E O F ---	2009-02-05 08:37:21

