Computer running slowly, web pages won't open

I'm posting a log because the system has recently been responding very slowly, often doesn't respond at all, and some strange messages / a blue screen keep popping up.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:49:01, on 2008-07-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\System32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\SOUNDMAN.EXE

F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\Program Files\BearShare\BearShare.exe

F:\WINDOWS\ATKKBService.exe

F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

D:\Winamp\winampa.exe

F:\WINDOWS\system32\HPZipm12.exe

F:\Program Files\Messenger\msmsgs.exe

F:\Program Files\Skype\Phone\Skype.exe

F:\WINDOWS\System32\svchost.exe

F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

F:\Program Files\VIA\RAID\raid_tool.exe

F:\Program Files\OpenOffice.ux.pl 2.4.0\program\soffice.exe

F:\Program Files\OpenOffice.ux.pl 2.4.0\program\soffice.BIN

F:\Program Files\Skype\Plugin Manager\skypePM.exe

D:\Winamp\winamp.exe

F:\WINDOWS\system32\wuauclt.exe

D:\Gadu-Gadu\gg.exe

F:\Program Files\Mozilla Firefox\firefox.exe

E:\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O4 - HKLM…\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM…\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM…\Run: [AVP] "F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKLM…\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKLM…\Run: [TkBellExe] "D:\ACE Mega CoDecS Pack\SystemS\RealMedia\Update_OB\realsched.exe" -osboot

O4 - HKLM…\Run: [QuickTime Task] "D:\QTTask.exe" -atboottime

O4 - HKLM…\Run: [FortKnoxPersonalFirewall] "D:\FortKnox Personal Firewall 2008\FortKnoxGUI.exe"

O4 - HKCU…\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU…\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray

O4 - HKCU…\Run: [BitComet] "F:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU…\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU…\Run: [ares] "D:\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.ux.pl 2.4.0.lnk = F:\Program Files\OpenOffice.ux.pl 2.4.0\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: VIA RAID TOOL.lnk = F:\Program Files\VIA\RAID\raid_tool.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: F:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll

O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - F:\WINDOWS\ATKKBService.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

O23 - Service: FortKnox Personal Firewall (fortknox) - NETGATE Technologies s.r.o. - D:\FortKnox Personal Firewall 2008\FortKnox.exe

O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe

End of file - 6342 bytes

The log looks clean.

Do a startup optimization:

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

Turn System Restore off and back on on all drives: http://support.microsoft.com/kb/310405/pl

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and post the report; open the page in IE.


KASPERSKY ONLINE SCANNER REPORT

3 lipiec 2008 17:03:20

System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)

Kaspersky Online Scanner wersja: 5.0.98.0

Ostatnia aktualizacja Kaspersky Anti-Virus 3/07/2008

Liczba wpisów w bazie danych Kaspersky Anti-Virus910352

Ustawienia skanowania

Skanowanie przy użyciu następujących baz danych rozszerzone

Skanuj archiwa tak

Skanuj pocztowe bazy danych tak

Obszar skanowania Obszary krytyczne

F:\WINDOWS

F:\DOCUME~1\MARTUK~1\USTAWI~1\Temp\

Statystyki skanowania

Liczba skanowanych obiektów 16033

Liczba wykrytych wirusów 2

Liczba zainfekowanych obiektów 2

Liczba podejrzanych obiektów 0

Czas trwania skanowania 00:34:06

Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie

F:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty

F:\WINDOWS\SchedLgU.Txt Object is locked pominięty

F:\WINDOWS\SoftwareDistribution\EventCache{F329A864-6655-45E7-9163-70ABFE4ADB8F}.bin Object is locked pominięty

F:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty

F:\WINDOWS\Sti_Trace.log Object is locked pominięty

F:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty

F:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty

F:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty

F:\WINDOWS\system32\config\default Object is locked pominięty

F:\WINDOWS\system32\config\default.LOG Object is locked pominięty

F:\WINDOWS\system32\config\SAM Object is locked pominięty

F:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty

F:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty

F:\WINDOWS\system32\config\SECURITY Object is locked pominięty

F:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty

F:\WINDOWS\system32\config\software Object is locked pominięty

F:\WINDOWS\system32\config\software.LOG Object is locked pominięty

F:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty

F:\WINDOWS\system32\config\system Object is locked pominięty

F:\WINDOWS\system32\config\system.LOG Object is locked pominięty

F:\WINDOWS\system32\drivers\fidbox.dat Object is locked pominięty

F:\WINDOWS\system32\drivers\fidbox.idx Object is locked pominięty

F:\WINDOWS\system32\drivers\fidbox2.dat Object is locked pominięty

F:\WINDOWS\system32\drivers\fidbox2.idx Object is locked pominięty

F:\WINDOWS\system32\h323log.txt Object is locked pominięty

F:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty

F:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty

F:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty

F:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty

F:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty

F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty

F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty

F:\WINDOWS\Temp\cch~40544831.htp Object is locked pominięty

F:\WINDOWS\Temp\cch~40544ffb.htp Object is locked pominięty

F:\WINDOWS\Temp\cch~56a5580b.htp Object is locked pominięty

F:\WINDOWS\Temp\cch~56a55f51.htp Object is locked pominięty

F:\WINDOWS\wiadebug.log Object is locked pominięty

F:\WINDOWS\wiaservc.log Object is locked pominięty

F:\WINDOWS\WindowsUpdate.log Object is locked pominięty

F:\DOCUME~1\MARTUK~1\USTAWI~1\Temp\Perflib_Perfdata_3e0.dat Object is locked pominięty

F:\DOCUME~1\MARTUK~1\USTAWI~1\Temp\Perflib_Perfdata_ec0.dat Object is locked pominięty

F:\DOCUME~1\MARTUK~1\USTAWI~1\Temp\temp.frC850\bar\1.bin\MGSBAR.DLL Zainfekowanych: not-a-virus:WebToolbar.Win32.MyWebSearch.dh pominięty

F:\DOCUME~1\MARTUK~1\USTAWI~1\Temp\temp.frC850\bar\1.bin\NPMYGLSH.DLL Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.i pominięty

Proces skanowania został zakończony.

Scan the My Computer area, not just the critical areas.

Delete these files.

Empty the temp directory.

Cannot delete cch~56a55f51: the file is being used by another person or program.

(Temp)

OK. Scan the My Computer area.

To clean the temp folders, use ATF Cleaner: http://cybertrash.pl/images/tata/ATF/ATF.html


Follow this topic and change the thread title to something specific, otherwise it goes to the TRASH.

Regards, Gutek2222

Change to the rules for posting logs on the forum - viewtopic.php?f=16&t=253052

I couldn't post the scan result because there was too much of it, and it couldn't be uploaded to file-hosting sites either.

ComboFix log

ComboFix 08-07-03.5 - Martuśka 2008-07-04 14:24:27.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.291 [GMT 2:00]

Running from: F:\Documents and Settings\Martuśka\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

F:\WINDOWS\system32\tmp69.tmp

.

((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))

.

2008-07-04 14:04 . 2008-07-04 14:04

2008-07-03 15:29 . 2008-07-03 15:29

2008-07-03 15:26 . 2008-07-03 15:26

2008-07-03 15:08 . 2008-07-03 15:08

2008-07-03 15:07 . 2008-07-03 15:09

2008-07-02 11:13 . 2008-07-02 11:27

2008-06-28 21:49 . 2008-06-28 21:50

2008-06-28 21:32 . 2008-06-28 21:32

2008-06-26 23:22 . 2008-07-01 10:24

2008-06-26 23:22 . 2002-01-05 15:37 344,064 --a--c--- F:\WINDOWS\system32\msvcr70.dll

2008-06-21 14:53 . 2008-06-21 14:53 4 --a--c--- F:\WINDOWS\system32\proc1395793746.bin

2008-06-20 15:42 . 2008-06-20 15:42 848 --ahsc--- F:\WINDOWS\system32\KGyGaAvL.sys

2008-06-20 14:58 . 2000-10-10 12:01 198,656 --a--c--- F:\WINDOWS\system32\comdlg32.ocx

2008-06-20 14:57 . 2008-04-22 19:46

2008-06-20 14:24 . 2008-06-20 14:24

2008-06-20 13:36 . 2008-06-20 13:36

2008-06-20 13:36 . 2008-07-02 15:44

2008-06-20 13:36 . 2008-06-20 13:36

2008-06-20 13:36 . 2008-06-20 13:36 3,917 --a--c--- F:\uninstall.ini

2008-06-20 13:33 . 2008-06-20 13:33 0 --ah-c--- F:\WINDOWS\SwSys2.bmp

2008-06-20 13:33 . 2008-06-20 13:33 0 --ah-c--- F:\WINDOWS\SwSys1.bmp

2008-06-19 13:16 . 2008-06-19 13:16

2008-06-14 23:09 . 2008-06-14 23:09

2008-06-14 23:09 . 2007-07-21 14:52 903,168 --a--c--- F:\WINDOWS\virginity.scr

2008-06-14 23:09 . 2007-07-21 14:53 495,104 --a--c--- F:\WINDOWS\virginity.exe

2008-06-14 23:09 . 2008-02-13 16:45 480,056 --a--c--- F:\WINDOWS\virginity.bmp

2008-06-14 23:09 . 2008-02-13 16:40 9,359 --a--c--- F:\WINDOWS\virginity.swf

2008-06-14 23:09 . 2007-11-23 09:19 2,238 --a--c--- F:\WINDOWS\virginity.ico

2008-06-14 23:09 . 2008-02-13 16:52 662 --a--c--- F:\WINDOWS\virginity.c3

2008-06-14 23:09 . 2008-02-13 16:52 662 --a--c--- F:\WINDOWS\virginity.c1

2008-06-14 23:09 . 2006-10-24 18:06 639 --a--c--- F:\WINDOWS\virginity.c4

2008-06-14 23:09 . 2006-10-08 20:33 0 --a--c--- F:\WINDOWS\virginity.ini

2008-06-13 18:36 . 2008-06-13 18:36 130,208 -r---c--- F:\WINDOWS\bwUnin-8.1.1.87-8876480SL.exe

2008-06-13 18:35 . 2008-06-13 18:35

2008-06-13 17:27 . 2008-06-13 17:27

2008-06-12 16:40 . 2008-06-12 16:40

2008-06-12 16:39 . 2008-06-12 16:39

2008-06-12 16:39 . 2008-06-12 16:39

2008-06-11 16:58 . 2008-06-14 20:01 273,024 -----c--- F:\WINDOWS\system32\dllcache\bthport.sys

2008-06-07 20:57 . 2008-06-07 20:57

2008-06-07 20:57 . 2008-06-07 20:57 940,794 --a--c--- F:\WINDOWS\system32\LoopyMusic.wav

2008-06-07 20:57 . 2008-06-07 20:57 146,650 --a--c--- F:\WINDOWS\system32\BuzzingBee.wav

2008-06-07 12:35 . 2007-07-09 15:11 584,192 -----c--- F:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-06-06 23:55 . 2008-06-20 20:26

2008-06-06 20:56 . 2008-06-06 20:56

2008-06-05 21:54 . 2008-06-05 21:54 98,304 --a--c--- F:\WINDOWS\system32\qttask.exe

2008-06-05 21:40 . 2003-08-18 05:10 122,880 --a--c--- F:\WINDOWS\system32\directx.cpl

2008-06-05 21:40 . 2003-03-25 05:49 106,544 --a--c--- F:\WINDOWS\system32\tweakui.cpl

2008-06-05 21:40 . 2003-03-25 05:49 98,304 --a--c--- F:\WINDOWS\system32\startup.cpl

2008-06-05 21:40 . 2004-02-17 10:11 53,248 --a--c--- F:\WINDOWS\system32\vp6dec_settings.cpl

2008-06-05 21:40 . 2003-03-25 05:49 51,238 --a--c--- F:\WINDOWS\system32\tweakui.hlp

2008-06-04 21:03 . 2008-06-04 21:03 25 --a--c--- F:\WINDOWS\cdplayer.ini

2008-06-04 20:56 . 2008-06-04 20:56

2008-06-04 20:55 . 2008-06-04 20:56

2008-06-04 19:55 . 2008-06-04 19:56

2008-06-04 19:55 . 2004-01-25 17:49 303,104 --a--c--- F:\WINDOWS\system32\RealMediaSplitter.ax

2008-06-04 19:00 . 2008-07-03 17:17 8,192 --ahsc--- F:\WINDOWS\Thumbs.db

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-04 12:27 6,184 -csha-w F:\WINDOWS\system32\drivers\fidbox2.idx

2008-07-04 12:27 573,472 -csha-w F:\WINDOWS\system32\drivers\fidbox2.dat

2008-07-04 12:27 4,576,800 -csha-w F:\WINDOWS\system32\drivers\fidbox.dat

2008-07-04 12:27 39,980 -csha-w F:\WINDOWS\system32\drivers\fidbox.idx

2008-07-04 12:06 --------- dc----w F:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-07-01 09:52 --------- dc-h--w F:\Program Files\InstallShield Installation Information

2008-07-01 08:31 --------- dc----w F:\Program Files\WebLog Expert

2008-06-14 18:01 273,024 -c----w F:\WINDOWS\system32\drivers\bthport.sys

2008-06-06 19:13 --------- dc----w F:\Program Files\Java

2008-06-05 16:17 --------- dc----w F:\Program Files\Common Files\Adobe

2008-06-03 18:18 96,966 -c--a-w F:\WINDOWS\system32\drivers\klin.dat

2008-06-03 18:18 88,774 -c--a-w F:\WINDOWS\system32\drivers\klick.dat

2008-06-03 18:12 --------- dc----w F:\Program Files\Common Files\Hewlett-Packard

2008-06-03 18:10 --------- dc----w F:\Program Files\HP

2008-06-03 17:55 --------- dc----w F:\Program Files\Kaspersky Lab

2008-06-03 16:24 --------- dc----w F:\Program Files\OpenOffice.ux.pl 2.4.0

2008-06-03 16:23 --------- dc----w F:\Program Files\Common Files\Java

2008-06-03 15:57 --------- dc----w F:\Program Files\VideoLAN

2008-06-03 15:31 108,144 -c--a-w F:\WINDOWS\system32\CmdLineExt.dll

2008-06-03 14:51 --------- dc----w F:\Program Files\ATI Technologies

2008-06-03 14:45 --------- dc----w F:\Program Files\VIA

2008-06-03 14:44 --------- dc----w F:\Program Files\Common Files\InstallShield

2008-06-03 14:43 --------- dc----w F:\Program Files\Realtek Sound Manager

2008-06-03 14:43 --------- dc----w F:\Program Files\AvRack

2008-06-03 14:42 --------- dc----w F:\Program Files\AMD

2008-06-03 14:41 4,096 -c--a-w F:\WINDOWS\gdrv.sys

2008-06-03 14:26 --------- dc----w F:\Program Files\microsoft frontpage

2008-06-03 14:24 --------- dc----w F:\Program Files\Usługi online

2008-05-23 10:55 210,184 -c--a-w F:\WINDOWS\system32\klogon.dll

2008-05-23 10:54 24,774 -c--a-w F:\WINDOWS\system32\drivers\klopp.dat

2008-05-08 12:28 202,752 -c--a-w F:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:16 1,291,264 -c--a-w F:\WINDOWS\system32\quartz.dll

2008-04-28 10:29 805,400 -c--a-r F:\WINDOWS\system32\tmp6A.tmp

2008-04-22 10:57 444,952 -c--a-w F:\WINDOWS\system32\wrap_oal.dll

2008-04-22 10:57 109,080 -c--a-w F:\WINDOWS\system32\OpenAL32.dll

2008-04-21 07:03 662,016 -c--a-w F:\WINDOWS\system32\wininet.dll

2008-04-20 15:45 846,868 -c--a-w F:\SaveData.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

2008-05-23 12:55 62728 --a--c--- F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="D:\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

"Skype"="F:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]

"BearShare"="D:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]

"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"FortKnoxPersonalFirewall"="D:\FortKnox Personal Firewall 2008\FortKnoxGUI.exe" [2008-06-06 14:00 1665616]

"MSConfig"="F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:44 159744]

"AVP"="F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-05-23 12:54 201992]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="F:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.iac2"= D:\ACEMEG~1\SystemS\Intel\iac25_32.ax

"vidc.avrn"= D:\ACEMEG~1\SystemS\AVIDAV~1.DLL

"vidc.advj"= D:\ACEMEG~1\SystemS\AVIDAV~1.DLL

"vidc.mszh"= D:\ACEMEG~1\SystemS\avimszh.dll

"vidc.zlib"= D:\ACEMEG~1\SystemS\avizlib.dll

"vidc.cscd"= D:\ACEMEG~1\SystemS\camcodec.dll

"vidc.cvid"= D:\ACEMEG~1\SystemS\iccvid.dll

"msacm.trspch"= D:\ACEMEG~1\SystemS\tssoft32.acm

"vidc.em2v"= D:\ACEMEG~1\SystemS\etxcodec.dll

"vidc.mkvc"= D:\ACEMEG~1\SystemS\kmvidc32.dll

"vidc.hfyu"= D:\ACEMEG~1\SystemS\huffyuv.dll

"msacm.lameacm"= D:\ACEMEG~1\SystemS\lameacm.acm

"msacm.lhacm"= D:\ACEMEG~1\SystemS\lhacm.acm

"msacm.l3acm"= D:\ACEMEG~1\SystemS\l3codecp.acm

"vidc.sjpg"= D:\ACEMEG~1\SystemS\pmjpeg32.dll

"vidc.dmb2"= D:\ACEMEG~1\SystemS\pmjpeg32.dll

"vidc.gepj"= D:\ACEMEG~1\SystemS\pmjpeg32.dll

"vidc.qpeg"= D:\ACEMEG~1\SystemS\Qpeg32.dll

"vidc.q1.0"= D:\ACEMEG~1\SystemS\Qpeg32.dll

"msacm.sl_anet"= D:\ACEMEG~1\SystemS\sl_anet.acm

"vidc.tscc"= D:\ACEMEG~1\SystemS\tsccvid.dll

"vidc.vifp"= D:\ACEMEG~1\SystemS\vfcodec.dll

"vidc.wrpr"= D:\ACEMEG~1\SystemS\aviwrap.dll

"vidc.wnv1"= D:\ACEMEG~1\SystemS\wnvplay1.dll

"vidc.advs"= D:\ACEMEG~1\SystemS\Adaptec\Dvc.dll

"vidc.aflc"= D:\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL

"vidc.afli"= D:\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL

"vidc.aasc"= D:\ACEMEG~1\SystemS\Autodesk\Aasc32.dll

"vidc.aas4"= D:\ACEMEG~1\SystemS\Autodesk\Aasc32.dll

"vidc.asv1"= D:\ACEMEG~1\SystemS\ASUS\asusasv1.dll

"vidc.asv2"= D:\ACEMEG~1\SystemS\ASUS\asusasv2.dll

"vidc.asvx"= D:\ACEMEG~1\SystemS\ASUS\asusasv2.dll

"vidc.vcr1"= D:\ACEMEG~1\SystemS\ATI\ativcr1.dll

"vidc.vcr2"= D:\ACEMEG~1\SystemS\ATI\ativcr2.dll

"vidc.yv12"= D:\ACEMEG~1\SystemS\ATI\atiyuv12.DLL

"vidc.mwv1"= D:\ACEMEG~1\SystemS\Aware\icmw_32.dll

"vidc.bt20"= D:\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv

"vidc.y41p"= D:\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv

"msacm.pcdv"= D:\ACEMEG~1\SystemS\Canopus\pcdv.acm

"vidc.cdvc"= D:\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL

"vidc.ddvc"= D:\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL

"vidc.png1"= D:\ACEMEG~1\SystemS\Core\COREPN~1.DLL

"msacm.CoreFLAC_ACM"= D:\ACEMEG~1\SystemS\Core\COREFL~1.ACM

"vidc.davc"= D:\ACEMEG~1\SystemS\dicas\davcvfw.dll

"vidc.div3"= D:\ACEMEG~1\SystemS\DivX\DivXc32.dll

"vidc.div5"= D:\ACEMEG~1\SystemS\DivX\DivXc32.dll

"vidc.mpg3"= D:\ACEMEG~1\SystemS\DivX\DivXc32.dll

"vidc.div4"= D:\ACEMEG~1\SystemS\DivX\DivXc32f.dll

"vidc.div6"= D:\ACEMEG~1\SystemS\DivX\DivXc32f.dll

"vidc.ap41"= D:\ACEMEG~1\SystemS\DivX\DivXc32f.dll

"vidc.dvx4"= D:\ACEMEG~1\SystemS\DivX\divx4.dll

"vidc.divx"= D:\ACEMEG~1\SystemS\DivX\DivX520.dll

"msacm.divxa32"= D:\ACEMEG~1\SystemS\DivX\divxa32.acm

"vidc.frwd"= D:\ACEMEG~1\SystemS\Forward\frwd.dll

"vidc.frwt"= D:\ACEMEG~1\SystemS\Forward\frwd.dll

"vidc.frwa"= D:\ACEMEG~1\SystemS\Forward\frwt.dll

"vidc.frwu"= D:\ACEMEG~1\SystemS\Forward\frwu.dll

"vidc.glzw"= D:\ACEMEG~1\SystemS\Gabest\GLZW.dll

"vidc.gpeg"= D:\ACEMEG~1\SystemS\Gabest\GPEG.dll

"vidc.i263"= D:\ACEMEG~1\SystemS\Intel\i263_32.drv

"vidc.iv30"= D:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv31"= D:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv32"= D:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv33"= D:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv34"= D:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv35"= D:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv36"= D:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv37"= D:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv38"= D:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv39"= D:\ACEMEG~1\SystemS\Intel\ir32_32.dll

"vidc.iv40"= D:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv41"= D:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv42"= D:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv43"= D:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv44"= D:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv45"= D:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv46"= D:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv47"= D:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv48"= D:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv49"= D:\ACEMEG~1\SystemS\Intel\ir41_32.dll

"vidc.iv50"= D:\ACEMEG~1\SystemS\Intel\ir50_32.dll

"vidc.iyuv"= D:\ACEMEG~1\SystemS\Intel\iyuv_32.dll

"vidc.yvu9"= D:\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll

"vidc.ir21"= D:\ACEMEG~1\SystemS\Intel\IR21_R.DLL

"vidc.rt21"= D:\ACEMEG~1\SystemS\Intel\IR21_R.DLL

"msacm.imc"= D:\ACEMEG~1\SystemS\Intel\IMC32.ACM

"vidc.lead"= D:\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL

"vidc.dvsd"= D:\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

"vidc.dvc"= D:\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

"vidc.dvcs"= D:\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

"vidc.dcmj"= D:\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

"vidc.avi1"= D:\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

"vidc.avi2"= D:\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

"vidc.dv25"= D:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.dv50"= D:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.msmc"= D:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mmjp"= D:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx1"= D:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx2"= D:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx3"= D:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx4"= D:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx5"= D:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx6"= D:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx7"= D:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx8"= D:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mtx9"= D:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"vidc.mmes"= D:\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

"msacm.msadpcm"= D:\ACEMEG~1\SystemS\MICROS~1\msadp32.acm

"msacm.imaadpcm"= D:\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm

"msacm.msg711"= D:\ACEMEG~1\SystemS\MICROS~1\msg711.acm

"msacm.msg723"= D:\ACEMEG~1\SystemS\MICROS~1\msg723.acm

"msacm.msgsm610"= D:\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm

"vidc.m261"= D:\ACEMEG~1\SystemS\MICROS~1\msh261.drv

"vidc.m263"= D:\ACEMEG~1\SystemS\MICROS~1\msh263.drv

"vidc.i420"= D:\ACEMEG~1\SystemS\MICROS~1\msh263.drv

"vidc.mrle"= D:\ACEMEG~1\SystemS\MICROS~1\msrle32.dll

"vidc.uyvy"= D:\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

"vidc.yuy2"= D:\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

"vidc.yvyu"= D:\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

"vidc.msvc"= D:\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll

"vidc.cram"= D:\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll

"vidc.mpg4"= D:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

"vidc.mp41"= D:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

"vidc.mp42"= D:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

"vidc.mp43"= D:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

"vidc.mp4s"= D:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

"vidc.mp4v"= D:\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

"vidc.wmv3"= D:\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll

"msacm.msaudio1"= D:\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

"vidc.vixl"= D:\ACEMEG~1\SystemS\Miro\miroxl32.dll

"vidc.nt00"= D:\ACEMEG~1\SystemS\Newtek\ntcodec.dll

"msacm.vorbis"= D:\ACEMEG~1\SystemS\OGG\vorbis.acm

"vidc.vp30"= D:\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll

"vidc.vp31"= D:\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll

"vidc.vp60"= D:\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll

"vidc.vp61"= D:\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll

"vidc.pdvc"= D:\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll

"vidc.ipdv"= D:\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll

"vidc.pvw2"= D:\ACEMEG~1\SystemS\Pegasus\pvwv220.dll

"vidc.pimj"= D:\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll

"vidc.mjpx"= D:\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll

"vidc.miro"= D:\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL

"vidc.dcap"= D:\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL

"vidc.mjpa"= D:\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL

"vidc.gpjm"= D:\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL

"vidc.pim1"= D:\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll

"msacm.qmpeg"= D:\ACEMEG~1\SystemS\QDesign\qmpeg.acm

"vidc.rmp4"= D:\ACEMEG~1\SystemS\REALMA~1\rmp4.dll

"vidc.rud0"= D:\ACEMEG~1\SystemS\Rududu\rududu.dll

"msacm.at3"= D:\ACEMEG~1\SystemS\SONY\atrac3.acm

"vidc.sony"= D:\ACEMEG~1\SystemS\SONY\sonydv.dll

"vidc.dvcp"= D:\ACEMEG~1\SystemS\SONY\sonydv.dll

"vidc.s422"= D:\ACEMEG~1\SystemS\Tekram\tekyuv.dll

"vidc.t420"= D:\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll

"vidc.y411"= D:\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll

"vidc.vssv"= D:\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll

"msacm.voxacm160"= D:\ACEMEG~1\SystemS\VoxWare\vct3216.acm

"vidc.xvid"= D:\ACEMEG~1\SystemS\XviD\xvidvfw.dll

"vidc.ffds"= E:\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a--c--- 2008-05-27 10:50 413696 D:\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a--c--- 2008-04-01 20:49 36352 D:\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a--c--- 2004-12-22 11:09 77824 F:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"D:\Program Files\BearShare\BearShare.exe"=

"F:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=

"F:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=

"F:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=

"F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=

"D:\Gadu-Gadu\gg.exe"=

"C:\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe"=

"C:\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe"=

"F:\Program Files\Skype\Phone\Skype.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9268:TCP"= 9268:TCP:BitComet 9268 TCP

"9268:UDP"= 9268:UDP:BitComet 9268 UDP

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;F:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]

R1 fortknox_drv;fortknox_drv;F:\WINDOWS\system32\drivers\fortknoxfw.sys [2008-03-05 18:51]

R2 fortknox;FortKnox Personal Firewall;D:\FortKnox Personal Firewall 2008\FortKnox.exe [2008-03-31 17:35]

R3 Fkndisf;FortKnox Firewall NDIS Filter Service;F:\WINDOWS\system32\DRIVERS\fortknoxfw_ndisim.sys [2008-03-05 18:51]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;F:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]

.

Contents of the 'Scheduled Tasks' folder

"2008-06-12 14:40:03 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- F:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - D:\ACE Mega CoDecS Pack\SystemS\RealMedia\Update_OB\realsched.exe

MSConfigStartUp-ares - D:\Ares\Ares.exe

MSConfigStartUp-BitComet - F:\Program Files\BitComet\BitComet.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-04 14:28:44

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

F:\WINDOWS\TEMP\cc6rqk39.TMP

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: F:\WINDOWS\system32\winlogon.exe

- F:\WINDOWS\system32\Ati2evxx.dll

.

------------------------ Other Running Processes ------------------------

.

F:\WINDOWS\system32\ati2evxx.exe

F:\WINDOWS\system32\ati2evxx.exe

F:\WINDOWS\ATKKBService.exe

F:\WINDOWS\system32\HPZipm12.exe

F:\WINDOWS\system32\wdfmgr.exe

F:\WINDOWS\system32\wscntfy.exe

F:\Program Files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2008-07-04 14:30:33 - machine was rebooted [Martuka]

ComboFix-quarantined-files.txt 2008-07-04 12:30:30

Pre-Run: 7,600,447,488 bajtów wolnych

Post-Run: 7,655,104,512 bajtów wolnych

361 --- E O F --- 2008-06-20 18:28:21

F:\WINDOWS\TEMP

clean out TEMP

  1. Run a Dr.Web CureIt scan

  2. Post the log from mbr.exe

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

Log ok

Also scan the system with Dr.Web and remove the viruses.